| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f4a89b1-2458-4651-9f40-f68633d15f6e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=5.1.14393.1944
RunspaceId=d23bce8b-b429-4119-98d4-e0198965034f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3604 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f4a89b1-2458-4651-9f40-f68633d15f6e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3603 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f4a89b1-2458-4651-9f40-f68633d15f6e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3602 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f4a89b1-2458-4651-9f40-f68633d15f6e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3601 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f4a89b1-2458-4651-9f40-f68633d15f6e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3600 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f4a89b1-2458-4651-9f40-f68633d15f6e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3599 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4f4a89b1-2458-4651-9f40-f68633d15f6e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3598 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bcd30b7-a2a3-4555-91b6-1e56672d6d26
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b812f06-0d9b-44ae-a1d4-57315017fc7e
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3597 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bcd30b7-a2a3-4555-91b6-1e56672d6d26
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b812f06-0d9b-44ae-a1d4-57315017fc7e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3596 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bcd30b7-a2a3-4555-91b6-1e56672d6d26
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3595 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bcd30b7-a2a3-4555-91b6-1e56672d6d26
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3594 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bcd30b7-a2a3-4555-91b6-1e56672d6d26
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3593 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bcd30b7-a2a3-4555-91b6-1e56672d6d26
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3592 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bcd30b7-a2a3-4555-91b6-1e56672d6d26
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3591 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bcd30b7-a2a3-4555-91b6-1e56672d6d26
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3590 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bcd30b7-a2a3-4555-91b6-1e56672d6d26
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3589 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5bcd30b7-a2a3-4555-91b6-1e56672d6d26
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3588 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8508c0c-f77e-4524-8e0d-4aa71b4902d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b5db99ff-cee6-4df6-a557-a3a5f611daac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3587 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8508c0c-f77e-4524-8e0d-4aa71b4902d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3586 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8508c0c-f77e-4524-8e0d-4aa71b4902d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3585 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8508c0c-f77e-4524-8e0d-4aa71b4902d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3584 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8508c0c-f77e-4524-8e0d-4aa71b4902d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3583 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8508c0c-f77e-4524-8e0d-4aa71b4902d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3582 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f8508c0c-f77e-4524-8e0d-4aa71b4902d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3581 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a082d9a-e48a-45bd-8190-879489ce0693
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATwBRAEEAdQBBAEQARQBBAEwAUQBBAHgAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATgBRAEEAMABBAEQAYwBBAE4AZwBBADIAQQBEAFEAQQBNAEEAQQB5AEEARABNAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=7bb562b3-c7e7-465c-95b0-9aa95f2db5b2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3580 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14ac821f-346d-4df0-92da-5d2f356c70d7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e0903787-79d0-4189-b0e6-f77df7c5c9f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3579 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14ac821f-346d-4df0-92da-5d2f356c70d7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e0903787-79d0-4189-b0e6-f77df7c5c9f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3578 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14ac821f-346d-4df0-92da-5d2f356c70d7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3577 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14ac821f-346d-4df0-92da-5d2f356c70d7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3576 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14ac821f-346d-4df0-92da-5d2f356c70d7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3575 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14ac821f-346d-4df0-92da-5d2f356c70d7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3574 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14ac821f-346d-4df0-92da-5d2f356c70d7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3573 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14ac821f-346d-4df0-92da-5d2f356c70d7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3572 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a082d9a-e48a-45bd-8190-879489ce0693
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATwBRAEEAdQBBAEQARQBBAEwAUQBBAHgAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATgBRAEEAMABBAEQAYwBBAE4AZwBBADIAQQBEAFEAQQBNAEEAQQB5AEEARABNAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=7bb562b3-c7e7-465c-95b0-9aa95f2db5b2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3571 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a082d9a-e48a-45bd-8190-879489ce0693
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATwBRAEEAdQBBAEQARQBBAEwAUQBBAHgAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATgBRAEEAMABBAEQAYwBBAE4AZwBBADIAQQBEAFEAQQBNAEEAQQB5AEEARABNAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3570 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a082d9a-e48a-45bd-8190-879489ce0693
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATwBRAEEAdQBBAEQARQBBAEwAUQBBAHgAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATgBRAEEAMABBAEQAYwBBAE4AZwBBADIAQQBEAFEAQQBNAEEAQQB5AEEARABNAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3569 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a082d9a-e48a-45bd-8190-879489ce0693
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATwBRAEEAdQBBAEQARQBBAEwAUQBBAHgAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATgBRAEEAMABBAEQAYwBBAE4AZwBBADIAQQBEAFEAQQBNAEEAQQB5AEEARABNAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3568 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a082d9a-e48a-45bd-8190-879489ce0693
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATwBRAEEAdQBBAEQARQBBAEwAUQBBAHgAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATgBRAEEAMABBAEQAYwBBAE4AZwBBADIAQQBEAFEAQQBNAEEAQQB5AEEARABNAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3567 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a082d9a-e48a-45bd-8190-879489ce0693
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATwBRAEEAdQBBAEQARQBBAEwAUQBBAHgAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATgBRAEEAMABBAEQAYwBBAE4AZwBBADIAQQBEAFEAQQBNAEEAQQB5AEEARABNAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3566 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a082d9a-e48a-45bd-8190-879489ce0693
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATwBRAEEAdQBBAEQARQBBAEwAUQBBAHgAQQBEAGcAQQBPAEEAQQA1AEEARABVAEEATgBRAEEAMABBAEQAYwBBAE4AZwBBADIAQQBEAFEAQQBNAEEAQQB5AEEARABNAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3565 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8ecc887e-6609-4bc2-8695-7dc3af8366bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6a81f5bb-760b-4c2c-9a5d-b027fcfa3d16
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3564 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=651be816-dc7c-4245-8f49-2d6e943afd6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=392d580c-0c21-458b-9daf-17386bf0c12f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3563 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=651be816-dc7c-4245-8f49-2d6e943afd6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3562 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=651be816-dc7c-4245-8f49-2d6e943afd6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3561 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=651be816-dc7c-4245-8f49-2d6e943afd6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3560 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=651be816-dc7c-4245-8f49-2d6e943afd6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3559 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=651be816-dc7c-4245-8f49-2d6e943afd6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3558 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=651be816-dc7c-4245-8f49-2d6e943afd6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3557 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=651be816-dc7c-4245-8f49-2d6e943afd6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3556 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=651be816-dc7c-4245-8f49-2d6e943afd6b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3555 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8ecc887e-6609-4bc2-8695-7dc3af8366bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6a81f5bb-760b-4c2c-9a5d-b027fcfa3d16
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3554 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8ecc887e-6609-4bc2-8695-7dc3af8366bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3553 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8ecc887e-6609-4bc2-8695-7dc3af8366bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3552 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8ecc887e-6609-4bc2-8695-7dc3af8366bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3551 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8ecc887e-6609-4bc2-8695-7dc3af8366bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3550 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8ecc887e-6609-4bc2-8695-7dc3af8366bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3549 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8ecc887e-6609-4bc2-8695-7dc3af8366bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3548 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=207e4c1e-dc79-48f9-8604-9785ffcb104a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=a39908dc-b18e-40fd-88f3-5dae0bbb4bef
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3547 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=207e4c1e-dc79-48f9-8604-9785ffcb104a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=a39908dc-b18e-40fd-88f3-5dae0bbb4bef
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3546 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=207e4c1e-dc79-48f9-8604-9785ffcb104a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3545 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=207e4c1e-dc79-48f9-8604-9785ffcb104a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3544 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=207e4c1e-dc79-48f9-8604-9785ffcb104a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3543 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=207e4c1e-dc79-48f9-8604-9785ffcb104a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3542 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=207e4c1e-dc79-48f9-8604-9785ffcb104a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3541 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=207e4c1e-dc79-48f9-8604-9785ffcb104a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAOQAuADEALQAxADgAOAA5ADUANQA0ADcANgA2ADQAMAAyADMANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3540 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=059e67ae-1977-4191-bfbe-f683298d2a62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4401f698-49ba-4ee5-bdfe-df9f4b389142
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3539 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ed8c1d5a-ba12-4ae3-a8c5-a35f62c95d24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c6b46773-8b51-41b4-8e72-8707edbdfc25
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3538 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ed8c1d5a-ba12-4ae3-a8c5-a35f62c95d24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3537 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ed8c1d5a-ba12-4ae3-a8c5-a35f62c95d24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3536 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ed8c1d5a-ba12-4ae3-a8c5-a35f62c95d24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3535 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ed8c1d5a-ba12-4ae3-a8c5-a35f62c95d24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3534 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ed8c1d5a-ba12-4ae3-a8c5-a35f62c95d24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3533 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ed8c1d5a-ba12-4ae3-a8c5-a35f62c95d24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3532 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ed8c1d5a-ba12-4ae3-a8c5-a35f62c95d24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3531 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ed8c1d5a-ba12-4ae3-a8c5-a35f62c95d24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3530 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:56:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=059e67ae-1977-4191-bfbe-f683298d2a62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4401f698-49ba-4ee5-bdfe-df9f4b389142
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3529 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=059e67ae-1977-4191-bfbe-f683298d2a62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3528 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=059e67ae-1977-4191-bfbe-f683298d2a62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3527 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=059e67ae-1977-4191-bfbe-f683298d2a62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3526 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=059e67ae-1977-4191-bfbe-f683298d2a62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3525 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=059e67ae-1977-4191-bfbe-f683298d2a62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3524 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=059e67ae-1977-4191-bfbe-f683298d2a62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3523 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be08d990-7686-4136-b4a6-7e920b41b78f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQA1AEEAQwA0AEEATQBRAEEAdABBAEQARQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQAxAEEARABRAEEATgB3AEEAMgBBAEQAWQBBAE4AQQBBAHcAQQBEAEkAQQBNAHcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=c126759e-2e8e-47cc-b4d1-b19594f4e67b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3522 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1a73b82-2e03-42ae-94bd-b5dcc2098df2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA5AC4AMQAtADEAOAA4ADkANQA1ADQANwA2ADYANAAwADIAMwA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d06952af-47b3-468e-911e-86a087e0a336
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3521 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1a73b82-2e03-42ae-94bd-b5dcc2098df2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA5AC4AMQAtADEAOAA4ADkANQA1ADQANwA2ADYANAAwADIAMwA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d06952af-47b3-468e-911e-86a087e0a336
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3520 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1a73b82-2e03-42ae-94bd-b5dcc2098df2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA5AC4AMQAtADEAOAA4ADkANQA1ADQANwA2ADYANAAwADIAMwA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3519 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1a73b82-2e03-42ae-94bd-b5dcc2098df2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA5AC4AMQAtADEAOAA4ADkANQA1ADQANwA2ADYANAAwADIAMwA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3518 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1a73b82-2e03-42ae-94bd-b5dcc2098df2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA5AC4AMQAtADEAOAA4ADkANQA1ADQANwA2ADYANAAwADIAMwA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3517 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1a73b82-2e03-42ae-94bd-b5dcc2098df2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA5AC4AMQAtADEAOAA4ADkANQA1ADQANwA2ADYANAAwADIAMwA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3516 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1a73b82-2e03-42ae-94bd-b5dcc2098df2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA5AC4AMQAtADEAOAA4ADkANQA1ADQANwA2ADYANAAwADIAMwA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3515 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1a73b82-2e03-42ae-94bd-b5dcc2098df2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA5AC4AMQAtADEAOAA4ADkANQA1ADQANwA2ADYANAAwADIAMwA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3514 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be08d990-7686-4136-b4a6-7e920b41b78f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQA1AEEAQwA0AEEATQBRAEEAdABBAEQARQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQAxAEEARABRAEEATgB3AEEAMgBBAEQAWQBBAE4AQQBBAHcAQQBEAEkAQQBNAHcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=c126759e-2e8e-47cc-b4d1-b19594f4e67b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3513 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be08d990-7686-4136-b4a6-7e920b41b78f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQA1AEEAQwA0AEEATQBRAEEAdABBAEQARQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQAxAEEARABRAEEATgB3AEEAMgBBAEQAWQBBAE4AQQBBAHcAQQBEAEkAQQBNAHcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3512 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be08d990-7686-4136-b4a6-7e920b41b78f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQA1AEEAQwA0AEEATQBRAEEAdABBAEQARQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQAxAEEARABRAEEATgB3AEEAMgBBAEQAWQBBAE4AQQBBAHcAQQBEAEkAQQBNAHcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3511 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be08d990-7686-4136-b4a6-7e920b41b78f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQA1AEEAQwA0AEEATQBRAEEAdABBAEQARQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQAxAEEARABRAEEATgB3AEEAMgBBAEQAWQBBAE4AQQBBAHcAQQBEAEkAQQBNAHcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3510 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be08d990-7686-4136-b4a6-7e920b41b78f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQA1AEEAQwA0AEEATQBRAEEAdABBAEQARQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQAxAEEARABRAEEATgB3AEEAMgBBAEQAWQBBAE4AQQBBAHcAQQBEAEkAQQBNAHcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3509 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be08d990-7686-4136-b4a6-7e920b41b78f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQA1AEEAQwA0AEEATQBRAEEAdABBAEQARQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQAxAEEARABRAEEATgB3AEEAMgBBAEQAWQBBAE4AQQBBAHcAQQBEAEkAQQBNAHcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3508 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be08d990-7686-4136-b4a6-7e920b41b78f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQA1AEEAQwA0AEEATQBRAEEAdABBAEQARQBBAE8AQQBBADQAQQBEAGsAQQBOAFEAQQAxAEEARABRAEEATgB3AEEAMgBBAEQAWQBBAE4AQQBBAHcAQQBEAEkAQQBNAHcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3507 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5a2d3f9-e7ea-4198-a269-4c10097c90fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATgBBAEEAdQBBAEQAawBBAEwAUQBBAHkAQQBEAE0AQQBPAFEAQQAwAEEARABVAEEATgBRAEEAMwBBAEQAYwBBAE0AQQBBAHoAQQBEAGMAQQBOAHcAQQA0AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=336f3ef2-ebb8-48a0-8839-0c71114d3098
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3506 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c66113cf-701c-436f-bffe-369699451169
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7544526b-a3ff-4616-8be5-502b6bf1b52f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3505 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c66113cf-701c-436f-bffe-369699451169
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7544526b-a3ff-4616-8be5-502b6bf1b52f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3504 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c66113cf-701c-436f-bffe-369699451169
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3503 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c66113cf-701c-436f-bffe-369699451169
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3502 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c66113cf-701c-436f-bffe-369699451169
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3501 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c66113cf-701c-436f-bffe-369699451169
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3500 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c66113cf-701c-436f-bffe-369699451169
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3499 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c66113cf-701c-436f-bffe-369699451169
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3498 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5a2d3f9-e7ea-4198-a269-4c10097c90fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATgBBAEEAdQBBAEQAawBBAEwAUQBBAHkAQQBEAE0AQQBPAFEAQQAwAEEARABVAEEATgBRAEEAMwBBAEQAYwBBAE0AQQBBAHoAQQBEAGMAQQBOAHcAQQA0AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=336f3ef2-ebb8-48a0-8839-0c71114d3098
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3497 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5a2d3f9-e7ea-4198-a269-4c10097c90fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATgBBAEEAdQBBAEQAawBBAEwAUQBBAHkAQQBEAE0AQQBPAFEAQQAwAEEARABVAEEATgBRAEEAMwBBAEQAYwBBAE0AQQBBAHoAQQBEAGMAQQBOAHcAQQA0AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3496 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5a2d3f9-e7ea-4198-a269-4c10097c90fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATgBBAEEAdQBBAEQAawBBAEwAUQBBAHkAQQBEAE0AQQBPAFEAQQAwAEEARABVAEEATgBRAEEAMwBBAEQAYwBBAE0AQQBBAHoAQQBEAGMAQQBOAHcAQQA0AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3495 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5a2d3f9-e7ea-4198-a269-4c10097c90fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATgBBAEEAdQBBAEQAawBBAEwAUQBBAHkAQQBEAE0AQQBPAFEAQQAwAEEARABVAEEATgBRAEEAMwBBAEQAYwBBAE0AQQBBAHoAQQBEAGMAQQBOAHcAQQA0AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3494 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5a2d3f9-e7ea-4198-a269-4c10097c90fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATgBBAEEAdQBBAEQAawBBAEwAUQBBAHkAQQBEAE0AQQBPAFEAQQAwAEEARABVAEEATgBRAEEAMwBBAEQAYwBBAE0AQQBBAHoAQQBEAGMAQQBOAHcAQQA0AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3493 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5a2d3f9-e7ea-4198-a269-4c10097c90fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATgBBAEEAdQBBAEQAawBBAEwAUQBBAHkAQQBEAE0AQQBPAFEAQQAwAEEARABVAEEATgBRAEEAMwBBAEQAYwBBAE0AQQBBAHoAQQBEAGMAQQBOAHcAQQA0AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3492 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5a2d3f9-e7ea-4198-a269-4c10097c90fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATgBBAEEAdQBBAEQAawBBAEwAUQBBAHkAQQBEAE0AQQBPAFEAQQAwAEEARABVAEEATgBRAEEAMwBBAEQAYwBBAE0AQQBBAHoAQQBEAGMAQQBOAHcAQQA0AEEARABJAEEATQBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3491 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=232c5f73-7324-4f85-8f8d-d4bd073acbd7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5abbcd4d-61b5-4fa0-b55f-fd0d71863c8e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3490 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad70a2c8-da9d-489d-929c-bc504139570e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=51a03fad-cb9e-45fe-a186-3d036eef1cdc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3489 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad70a2c8-da9d-489d-929c-bc504139570e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3488 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad70a2c8-da9d-489d-929c-bc504139570e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3487 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad70a2c8-da9d-489d-929c-bc504139570e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3486 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad70a2c8-da9d-489d-929c-bc504139570e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3485 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad70a2c8-da9d-489d-929c-bc504139570e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3484 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad70a2c8-da9d-489d-929c-bc504139570e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3483 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad70a2c8-da9d-489d-929c-bc504139570e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3482 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad70a2c8-da9d-489d-929c-bc504139570e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3481 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=232c5f73-7324-4f85-8f8d-d4bd073acbd7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5abbcd4d-61b5-4fa0-b55f-fd0d71863c8e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3480 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=232c5f73-7324-4f85-8f8d-d4bd073acbd7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3479 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=232c5f73-7324-4f85-8f8d-d4bd073acbd7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3478 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=232c5f73-7324-4f85-8f8d-d4bd073acbd7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3477 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=232c5f73-7324-4f85-8f8d-d4bd073acbd7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3476 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=232c5f73-7324-4f85-8f8d-d4bd073acbd7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3475 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=232c5f73-7324-4f85-8f8d-d4bd073acbd7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3474 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b588eca7-0a98-48ea-8139-77d34ccd21ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=a6c2812f-c80f-404f-8b66-5b5618a6aa15
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3473 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b588eca7-0a98-48ea-8139-77d34ccd21ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=a6c2812f-c80f-404f-8b66-5b5618a6aa15
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3472 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b588eca7-0a98-48ea-8139-77d34ccd21ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3471 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b588eca7-0a98-48ea-8139-77d34ccd21ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3470 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b588eca7-0a98-48ea-8139-77d34ccd21ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3469 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b588eca7-0a98-48ea-8139-77d34ccd21ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3468 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b588eca7-0a98-48ea-8139-77d34ccd21ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3467 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b588eca7-0a98-48ea-8139-77d34ccd21ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUANAAuADkALQAyADMAOQA0ADUANQA3ADcAMAAzADcANwA4ADIAMABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3466 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfa91b1c-7f11-40ef-a519-49cb7821f1ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2ca95363-9e03-442d-9268-945d3be118fa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3465 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4295f356-55d7-4438-831c-afcf88b59f43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=018a5dbf-1f2f-4edc-bc4f-d9c0711304ef
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3464 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4295f356-55d7-4438-831c-afcf88b59f43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3463 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4295f356-55d7-4438-831c-afcf88b59f43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3462 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4295f356-55d7-4438-831c-afcf88b59f43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3461 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4295f356-55d7-4438-831c-afcf88b59f43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3460 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4295f356-55d7-4438-831c-afcf88b59f43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3459 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4295f356-55d7-4438-831c-afcf88b59f43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3458 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4295f356-55d7-4438-831c-afcf88b59f43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3457 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4295f356-55d7-4438-831c-afcf88b59f43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3456 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfa91b1c-7f11-40ef-a519-49cb7821f1ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2ca95363-9e03-442d-9268-945d3be118fa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3455 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfa91b1c-7f11-40ef-a519-49cb7821f1ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3454 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfa91b1c-7f11-40ef-a519-49cb7821f1ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3453 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfa91b1c-7f11-40ef-a519-49cb7821f1ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3452 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfa91b1c-7f11-40ef-a519-49cb7821f1ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3451 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfa91b1c-7f11-40ef-a519-49cb7821f1ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3450 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bfa91b1c-7f11-40ef-a519-49cb7821f1ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3449 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d571a5d-8067-491d-887d-0f96b9eeb81e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQAwAEEAQwA0AEEATwBRAEEAdABBAEQASQBBAE0AdwBBADUAQQBEAFEAQQBOAFEAQQAxAEEARABjAEEATgB3AEEAdwBBAEQATQBBAE4AdwBBADMAQQBEAGcAQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=f3a0cc4d-05b4-45b9-9478-caa2eab40e77
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3448 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2a6d324-ab1e-49e0-9d52-cc99642f6f18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA0AC4AOQAtADIAMwA5ADQANQA1ADcANwAwADMANwA3ADgAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d65fb42f-616d-49c7-8317-844957f9f9bc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3447 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2a6d324-ab1e-49e0-9d52-cc99642f6f18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA0AC4AOQAtADIAMwA5ADQANQA1ADcANwAwADMANwA3ADgAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d65fb42f-616d-49c7-8317-844957f9f9bc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3446 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2a6d324-ab1e-49e0-9d52-cc99642f6f18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA0AC4AOQAtADIAMwA5ADQANQA1ADcANwAwADMANwA3ADgAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3445 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2a6d324-ab1e-49e0-9d52-cc99642f6f18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA0AC4AOQAtADIAMwA5ADQANQA1ADcANwAwADMANwA3ADgAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3444 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2a6d324-ab1e-49e0-9d52-cc99642f6f18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA0AC4AOQAtADIAMwA5ADQANQA1ADcANwAwADMANwA3ADgAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3443 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2a6d324-ab1e-49e0-9d52-cc99642f6f18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA0AC4AOQAtADIAMwA5ADQANQA1ADcANwAwADMANwA3ADgAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3442 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2a6d324-ab1e-49e0-9d52-cc99642f6f18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA0AC4AOQAtADIAMwA5ADQANQA1ADcANwAwADMANwA3ADgAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3441 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2a6d324-ab1e-49e0-9d52-cc99642f6f18
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQA0AC4AOQAtADIAMwA5ADQANQA1ADcANwAwADMANwA3ADgAMgAwACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3440 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d571a5d-8067-491d-887d-0f96b9eeb81e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQAwAEEAQwA0AEEATwBRAEEAdABBAEQASQBBAE0AdwBBADUAQQBEAFEAQQBOAFEAQQAxAEEARABjAEEATgB3AEEAdwBBAEQATQBBAE4AdwBBADMAQQBEAGcAQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=f3a0cc4d-05b4-45b9-9478-caa2eab40e77
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3439 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d571a5d-8067-491d-887d-0f96b9eeb81e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQAwAEEAQwA0AEEATwBRAEEAdABBAEQASQBBAE0AdwBBADUAQQBEAFEAQQBOAFEAQQAxAEEARABjAEEATgB3AEEAdwBBAEQATQBBAE4AdwBBADMAQQBEAGcAQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3438 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d571a5d-8067-491d-887d-0f96b9eeb81e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQAwAEEAQwA0AEEATwBRAEEAdABBAEQASQBBAE0AdwBBADUAQQBEAFEAQQBOAFEAQQAxAEEARABjAEEATgB3AEEAdwBBAEQATQBBAE4AdwBBADMAQQBEAGcAQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3437 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d571a5d-8067-491d-887d-0f96b9eeb81e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQAwAEEAQwA0AEEATwBRAEEAdABBAEQASQBBAE0AdwBBADUAQQBEAFEAQQBOAFEAQQAxAEEARABjAEEATgB3AEEAdwBBAEQATQBBAE4AdwBBADMAQQBEAGcAQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3436 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d571a5d-8067-491d-887d-0f96b9eeb81e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQAwAEEAQwA0AEEATwBRAEEAdABBAEQASQBBAE0AdwBBADUAQQBEAFEAQQBOAFEAQQAxAEEARABjAEEATgB3AEEAdwBBAEQATQBBAE4AdwBBADMAQQBEAGcAQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3435 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d571a5d-8067-491d-887d-0f96b9eeb81e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQAwAEEAQwA0AEEATwBRAEEAdABBAEQASQBBAE0AdwBBADUAQQBEAFEAQQBOAFEAQQAxAEEARABjAEEATgB3AEEAdwBBAEQATQBBAE4AdwBBADMAQQBEAGcAQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3434 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7d571a5d-8067-491d-887d-0f96b9eeb81e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQAwAEEAQwA0AEEATwBRAEEAdABBAEQASQBBAE0AdwBBADUAQQBEAFEAQQBOAFEAQQAxAEEARABjAEEATgB3AEEAdwBBAEQATQBBAE4AdwBBADMAQQBEAGcAQQBNAGcAQQB3AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3433 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6e23e41-bc1a-4a5a-acd4-42bdd80d940f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATQBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAFUAQQBPAFEAQQAwAEEARABJAEEATwBBAEEAMwBBAEQASQBBAE0AQQBBADIAQQBEAEUAQQBNAHcAQQA0AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=5.1.14393.1944
RunspaceId=6c89924f-7d9f-4d2a-8b4b-002d7699702a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3432 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f977fb1d-3ed9-4c94-92ef-1cc3da6d27f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=31632020-b340-4844-9e1f-7a500ca587b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3431 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f977fb1d-3ed9-4c94-92ef-1cc3da6d27f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=31632020-b340-4844-9e1f-7a500ca587b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3430 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f977fb1d-3ed9-4c94-92ef-1cc3da6d27f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3429 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f977fb1d-3ed9-4c94-92ef-1cc3da6d27f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3428 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f977fb1d-3ed9-4c94-92ef-1cc3da6d27f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3427 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f977fb1d-3ed9-4c94-92ef-1cc3da6d27f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3426 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f977fb1d-3ed9-4c94-92ef-1cc3da6d27f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3425 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f977fb1d-3ed9-4c94-92ef-1cc3da6d27f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3424 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6e23e41-bc1a-4a5a-acd4-42bdd80d940f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATQBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAFUAQQBPAFEAQQAwAEEARABJAEEATwBBAEEAMwBBAEQASQBBAE0AQQBBADIAQQBEAEUAQQBNAHcAQQA0AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=5.1.14393.1944
RunspaceId=6c89924f-7d9f-4d2a-8b4b-002d7699702a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3423 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6e23e41-bc1a-4a5a-acd4-42bdd80d940f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATQBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAFUAQQBPAFEAQQAwAEEARABJAEEATwBBAEEAMwBBAEQASQBBAE0AQQBBADIAQQBEAEUAQQBNAHcAQQA0AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3422 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6e23e41-bc1a-4a5a-acd4-42bdd80d940f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATQBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAFUAQQBPAFEAQQAwAEEARABJAEEATwBBAEEAMwBBAEQASQBBAE0AQQBBADIAQQBEAEUAQQBNAHcAQQA0AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3421 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6e23e41-bc1a-4a5a-acd4-42bdd80d940f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATQBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAFUAQQBPAFEAQQAwAEEARABJAEEATwBBAEEAMwBBAEQASQBBAE0AQQBBADIAQQBEAEUAQQBNAHcAQQA0AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3420 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6e23e41-bc1a-4a5a-acd4-42bdd80d940f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATQBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAFUAQQBPAFEAQQAwAEEARABJAEEATwBBAEEAMwBBAEQASQBBAE0AQQBBADIAQQBEAEUAQQBNAHcAQQA0AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3419 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6e23e41-bc1a-4a5a-acd4-42bdd80d940f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATQBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAFUAQQBPAFEAQQAwAEEARABJAEEATwBBAEEAMwBBAEQASQBBAE0AQQBBADIAQQBEAEUAQQBNAHcAQQA0AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3418 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b6e23e41-bc1a-4a5a-acd4-42bdd80d940f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQAzAEEARABVAEEATQBBAEEAdQBBAEQAWQBBAEwAUQBBAHgAQQBEAFUAQQBPAFEAQQAwAEEARABJAEEATwBBAEEAMwBBAEQASQBBAE0AQQBBADIAQQBEAEUAQQBNAHcAQQA0AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3417 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=422c3969-d1f6-4b25-8ae4-81ab31083e24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ad98b9a7-8c3f-44a7-86ee-2605c332423f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3416 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cf78fe65-5635-4530-8633-b7da519a3445
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9b4864cb-e504-41c5-8a35-722cd585ace2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3415 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cf78fe65-5635-4530-8633-b7da519a3445
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3414 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cf78fe65-5635-4530-8633-b7da519a3445
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3413 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cf78fe65-5635-4530-8633-b7da519a3445
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3412 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cf78fe65-5635-4530-8633-b7da519a3445
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3411 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cf78fe65-5635-4530-8633-b7da519a3445
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3410 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cf78fe65-5635-4530-8633-b7da519a3445
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3409 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cf78fe65-5635-4530-8633-b7da519a3445
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3408 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cf78fe65-5635-4530-8633-b7da519a3445
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3407 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=422c3969-d1f6-4b25-8ae4-81ab31083e24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ad98b9a7-8c3f-44a7-86ee-2605c332423f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3406 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=422c3969-d1f6-4b25-8ae4-81ab31083e24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3405 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=422c3969-d1f6-4b25-8ae4-81ab31083e24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3404 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=422c3969-d1f6-4b25-8ae4-81ab31083e24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3403 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=422c3969-d1f6-4b25-8ae4-81ab31083e24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3402 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=422c3969-d1f6-4b25-8ae4-81ab31083e24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3401 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=422c3969-d1f6-4b25-8ae4-81ab31083e24
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3400 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1219c95-3bd5-47bc-8f5e-855889d84599
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=eedfc64c-fc0f-48ca-a2b6-5ae9de5ea04f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3399 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1219c95-3bd5-47bc-8f5e-855889d84599
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=eedfc64c-fc0f-48ca-a2b6-5ae9de5ea04f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3398 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1219c95-3bd5-47bc-8f5e-855889d84599
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3397 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1219c95-3bd5-47bc-8f5e-855889d84599
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3396 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1219c95-3bd5-47bc-8f5e-855889d84599
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3395 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1219c95-3bd5-47bc-8f5e-855889d84599
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3394 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1219c95-3bd5-47bc-8f5e-855889d84599
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3393 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1219c95-3bd5-47bc-8f5e-855889d84599
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMwA3ADUAMAAuADYALQAxADUAOQA0ADIAOAA3ADIAMAA2ADEAMwA4ADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3392 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8344c3bc-3284-4c61-b038-6cc199135c55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=12bdaf23-ca04-479c-a4e9-24f9965bf042
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3391 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2cb5db72-4c61-4860-8892-59f29a067ec4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=88bcdbcb-f9c5-426b-aa18-c4d642a63ad2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3390 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2cb5db72-4c61-4860-8892-59f29a067ec4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3389 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2cb5db72-4c61-4860-8892-59f29a067ec4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3388 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2cb5db72-4c61-4860-8892-59f29a067ec4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3387 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2cb5db72-4c61-4860-8892-59f29a067ec4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3386 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2cb5db72-4c61-4860-8892-59f29a067ec4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3385 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2cb5db72-4c61-4860-8892-59f29a067ec4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3384 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2cb5db72-4c61-4860-8892-59f29a067ec4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3383 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2cb5db72-4c61-4860-8892-59f29a067ec4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3382 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8344c3bc-3284-4c61-b038-6cc199135c55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=12bdaf23-ca04-479c-a4e9-24f9965bf042
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3381 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8344c3bc-3284-4c61-b038-6cc199135c55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3380 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8344c3bc-3284-4c61-b038-6cc199135c55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3379 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8344c3bc-3284-4c61-b038-6cc199135c55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3378 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8344c3bc-3284-4c61-b038-6cc199135c55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3377 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8344c3bc-3284-4c61-b038-6cc199135c55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3376 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8344c3bc-3284-4c61-b038-6cc199135c55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3375 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d89ff2c8-3ab8-41bc-a07d-8d60095aa2b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQB3AEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE4AUQBBADUAQQBEAFEAQQBNAGcAQQA0AEEARABjAEEATQBnAEEAdwBBAEQAWQBBAE0AUQBBAHoAQQBEAGcAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=5.1.14393.1944
RunspaceId=eafdb6cd-cc35-4596-936c-2f7ed36a5021
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3374 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38ab34eb-8085-4429-88bd-3a2e76688f77
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQAwAC4ANgAtADEANQA5ADQAMgA4ADcAMgAwADYAMQAzADgAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=7575387c-5fae-4da0-aa2e-773bc4ddc32d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3373 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38ab34eb-8085-4429-88bd-3a2e76688f77
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQAwAC4ANgAtADEANQA5ADQAMgA4ADcAMgAwADYAMQAzADgAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=7575387c-5fae-4da0-aa2e-773bc4ddc32d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3372 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38ab34eb-8085-4429-88bd-3a2e76688f77
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQAwAC4ANgAtADEANQA5ADQAMgA4ADcAMgAwADYAMQAzADgAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3371 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38ab34eb-8085-4429-88bd-3a2e76688f77
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQAwAC4ANgAtADEANQA5ADQAMgA4ADcAMgAwADYAMQAzADgAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3370 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38ab34eb-8085-4429-88bd-3a2e76688f77
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQAwAC4ANgAtADEANQA5ADQAMgA4ADcAMgAwADYAMQAzADgAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3369 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38ab34eb-8085-4429-88bd-3a2e76688f77
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQAwAC4ANgAtADEANQA5ADQAMgA4ADcAMgAwADYAMQAzADgAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3368 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38ab34eb-8085-4429-88bd-3a2e76688f77
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQAwAC4ANgAtADEANQA5ADQAMgA4ADcAMgAwADYAMQAzADgAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3367 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38ab34eb-8085-4429-88bd-3a2e76688f77
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAzADcANQAwAC4ANgAtADEANQA5ADQAMgA4ADcAMgAwADYAMQAzADgAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3366 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d89ff2c8-3ab8-41bc-a07d-8d60095aa2b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQB3AEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE4AUQBBADUAQQBEAFEAQQBNAGcAQQA0AEEARABjAEEATQBnAEEAdwBBAEQAWQBBAE0AUQBBAHoAQQBEAGcAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=5.1.14393.1944
RunspaceId=eafdb6cd-cc35-4596-936c-2f7ed36a5021
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3365 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d89ff2c8-3ab8-41bc-a07d-8d60095aa2b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQB3AEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE4AUQBBADUAQQBEAFEAQQBNAGcAQQA0AEEARABjAEEATQBnAEEAdwBBAEQAWQBBAE0AUQBBAHoAQQBEAGcAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3364 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d89ff2c8-3ab8-41bc-a07d-8d60095aa2b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQB3AEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE4AUQBBADUAQQBEAFEAQQBNAGcAQQA0AEEARABjAEEATQBnAEEAdwBBAEQAWQBBAE0AUQBBAHoAQQBEAGcAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3363 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d89ff2c8-3ab8-41bc-a07d-8d60095aa2b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQB3AEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE4AUQBBADUAQQBEAFEAQQBNAGcAQQA0AEEARABjAEEATQBnAEEAdwBBAEQAWQBBAE0AUQBBAHoAQQBEAGcAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3362 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d89ff2c8-3ab8-41bc-a07d-8d60095aa2b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQB3AEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE4AUQBBADUAQQBEAFEAQQBNAGcAQQA0AEEARABjAEEATQBnAEEAdwBBAEQAWQBBAE0AUQBBAHoAQQBEAGcAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3361 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d89ff2c8-3ab8-41bc-a07d-8d60095aa2b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQB3AEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE4AUQBBADUAQQBEAFEAQQBNAGcAQQA0AEEARABjAEEATQBnAEEAdwBBAEQAWQBBAE0AUQBBAHoAQQBEAGcAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3360 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d89ff2c8-3ab8-41bc-a07d-8d60095aa2b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHoAQQBEAGMAQQBOAFEAQQB3AEEAQwA0AEEATgBnAEEAdABBAEQARQBBAE4AUQBBADUAQQBEAFEAQQBNAGcAQQA0AEEARABjAEEATQBnAEEAdwBBAEQAWQBBAE0AUQBBAHoAQQBEAGcAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3359 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d46f8ef-72bc-4c90-882a-a2f437359e1b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c0070c4f-71db-4f2a-92d5-749340bb80d1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3358 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=14043d78-daff-4d2b-ac9a-10286aee9a17
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=513730e7-5c1c-4b59-a5a7-ebff59a5ad50
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3357 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=14043d78-daff-4d2b-ac9a-10286aee9a17
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=513730e7-5c1c-4b59-a5a7-ebff59a5ad50
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3356 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=14043d78-daff-4d2b-ac9a-10286aee9a17
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3355 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=14043d78-daff-4d2b-ac9a-10286aee9a17
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3354 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=14043d78-daff-4d2b-ac9a-10286aee9a17
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3353 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=14043d78-daff-4d2b-ac9a-10286aee9a17
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3352 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=14043d78-daff-4d2b-ac9a-10286aee9a17
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3351 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=14043d78-daff-4d2b-ac9a-10286aee9a17
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3350 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=14043d78-daff-4d2b-ac9a-10286aee9a17
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3349 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=14043d78-daff-4d2b-ac9a-10286aee9a17
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3348 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d46f8ef-72bc-4c90-882a-a2f437359e1b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c0070c4f-71db-4f2a-92d5-749340bb80d1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3347 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d46f8ef-72bc-4c90-882a-a2f437359e1b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3346 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d46f8ef-72bc-4c90-882a-a2f437359e1b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3345 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d46f8ef-72bc-4c90-882a-a2f437359e1b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3344 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d46f8ef-72bc-4c90-882a-a2f437359e1b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3343 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d46f8ef-72bc-4c90-882a-a2f437359e1b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3342 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d46f8ef-72bc-4c90-882a-a2f437359e1b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3341 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:55:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf64ed34-95a9-4893-a470-0c3f165979de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3a37af6b-6fac-4392-afea-15bbb4619c44
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3340 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd1d189-09b1-453a-b775-c944441d860e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=22ede06a-e50b-4438-8b53-67e2e1865654
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3339 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd1d189-09b1-453a-b775-c944441d860e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=22ede06a-e50b-4438-8b53-67e2e1865654
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3338 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd1d189-09b1-453a-b775-c944441d860e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3337 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd1d189-09b1-453a-b775-c944441d860e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3336 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd1d189-09b1-453a-b775-c944441d860e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3335 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd1d189-09b1-453a-b775-c944441d860e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3334 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd1d189-09b1-453a-b775-c944441d860e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3333 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dd1d189-09b1-453a-b775-c944441d860e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3332 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c56802a4-5094-4535-8e99-a16d461f40ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6dc5086f-55e9-4e1a-a687-19cb926afb5d
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3331 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c56802a4-5094-4535-8e99-a16d461f40ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6dc5086f-55e9-4e1a-a687-19cb926afb5d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3330 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c56802a4-5094-4535-8e99-a16d461f40ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3329 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c56802a4-5094-4535-8e99-a16d461f40ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3328 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c56802a4-5094-4535-8e99-a16d461f40ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3327 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c56802a4-5094-4535-8e99-a16d461f40ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3326 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c56802a4-5094-4535-8e99-a16d461f40ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3325 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c56802a4-5094-4535-8e99-a16d461f40ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3324 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c56802a4-5094-4535-8e99-a16d461f40ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3323 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c56802a4-5094-4535-8e99-a16d461f40ed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3322 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf64ed34-95a9-4893-a470-0c3f165979de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3a37af6b-6fac-4392-afea-15bbb4619c44
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3321 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf64ed34-95a9-4893-a470-0c3f165979de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3320 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf64ed34-95a9-4893-a470-0c3f165979de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3319 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf64ed34-95a9-4893-a470-0c3f165979de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3318 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf64ed34-95a9-4893-a470-0c3f165979de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3317 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf64ed34-95a9-4893-a470-0c3f165979de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3316 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf64ed34-95a9-4893-a470-0c3f165979de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3315 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e4ae732-9abb-4e18-b179-47ff0a053a95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=77bc98f9-cc1d-400d-94b1-9bd183eadfa3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3314 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6bce5be6-f76d-4e03-957f-dca328d5a1ca
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3313 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6bce5be6-f76d-4e03-957f-dca328d5a1ca
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3312 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6bce5be6-f76d-4e03-957f-dca328d5a1ca
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3311 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3310 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3309 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3308 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3307 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3306 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3305 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3304 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=212d444e-875a-471a-8360-4ef15d0ea9d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3303 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e4ae732-9abb-4e18-b179-47ff0a053a95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=77bc98f9-cc1d-400d-94b1-9bd183eadfa3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3302 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e4ae732-9abb-4e18-b179-47ff0a053a95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3301 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e4ae732-9abb-4e18-b179-47ff0a053a95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3300 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e4ae732-9abb-4e18-b179-47ff0a053a95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3299 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e4ae732-9abb-4e18-b179-47ff0a053a95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3298 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e4ae732-9abb-4e18-b179-47ff0a053a95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3297 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e4ae732-9abb-4e18-b179-47ff0a053a95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3296 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75283ba3-20b5-4de4-a444-1a48081c86d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7c22db8f-5071-44c6-ad41-de2abe8270ab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3295 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed34e2b-be38-4c9a-a2ff-c0365887523c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=56209afb-2e15-4ee7-823b-412c35ff6da3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3294 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed34e2b-be38-4c9a-a2ff-c0365887523c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=56209afb-2e15-4ee7-823b-412c35ff6da3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3293 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed34e2b-be38-4c9a-a2ff-c0365887523c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3292 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed34e2b-be38-4c9a-a2ff-c0365887523c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3291 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed34e2b-be38-4c9a-a2ff-c0365887523c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3290 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed34e2b-be38-4c9a-a2ff-c0365887523c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3289 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed34e2b-be38-4c9a-a2ff-c0365887523c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3288 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aed34e2b-be38-4c9a-a2ff-c0365887523c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AaAB5AHAAZQByAHYALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3287 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1439d32-0c0f-4be5-8083-500ee4a4d5d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f1467b0c-3cba-44d9-b796-00e59c86044e
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3286 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1439d32-0c0f-4be5-8083-500ee4a4d5d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f1467b0c-3cba-44d9-b796-00e59c86044e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3285 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1439d32-0c0f-4be5-8083-500ee4a4d5d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3284 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1439d32-0c0f-4be5-8083-500ee4a4d5d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3283 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1439d32-0c0f-4be5-8083-500ee4a4d5d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3282 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1439d32-0c0f-4be5-8083-500ee4a4d5d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3281 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1439d32-0c0f-4be5-8083-500ee4a4d5d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3280 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1439d32-0c0f-4be5-8083-500ee4a4d5d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3279 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1439d32-0c0f-4be5-8083-500ee4a4d5d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3278 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1439d32-0c0f-4be5-8083-500ee4a4d5d6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3277 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75283ba3-20b5-4de4-a444-1a48081c86d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7c22db8f-5071-44c6-ad41-de2abe8270ab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3276 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75283ba3-20b5-4de4-a444-1a48081c86d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3275 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75283ba3-20b5-4de4-a444-1a48081c86d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3274 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75283ba3-20b5-4de4-a444-1a48081c86d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3273 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75283ba3-20b5-4de4-a444-1a48081c86d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3272 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75283ba3-20b5-4de4-a444-1a48081c86d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3271 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75283ba3-20b5-4de4-a444-1a48081c86d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3270 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bd55528-eef0-4138-9ce7-854ac58ff39a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=843fa3a6-9282-4d49-b941-bc7543c0c9f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3269 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=194b16a6-a27e-4b89-bb2e-345eee479754
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3268 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=194b16a6-a27e-4b89-bb2e-345eee479754
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3267 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=194b16a6-a27e-4b89-bb2e-345eee479754
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3266 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3265 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3264 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3263 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3262 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3261 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3260 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3259 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=57455606-0f03-478f-8db1-7457d59f8d64
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3258 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bd55528-eef0-4138-9ce7-854ac58ff39a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=843fa3a6-9282-4d49-b941-bc7543c0c9f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3257 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bd55528-eef0-4138-9ce7-854ac58ff39a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3256 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bd55528-eef0-4138-9ce7-854ac58ff39a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3255 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bd55528-eef0-4138-9ce7-854ac58ff39a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3254 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bd55528-eef0-4138-9ce7-854ac58ff39a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3253 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bd55528-eef0-4138-9ce7-854ac58ff39a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3252 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2bd55528-eef0-4138-9ce7-854ac58ff39a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3251 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25212f80-0480-40dd-a50e-fa94554d4549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5d917291-1ed0-4ef7-a293-61add7673839
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3250 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb425c0-d1dc-4235-9df2-3ed6ad2b6af7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=54aa6f7b-def5-478e-8a9c-df9331298a26
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3249 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb425c0-d1dc-4235-9df2-3ed6ad2b6af7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=54aa6f7b-def5-478e-8a9c-df9331298a26
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3248 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb425c0-d1dc-4235-9df2-3ed6ad2b6af7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3247 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb425c0-d1dc-4235-9df2-3ed6ad2b6af7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3246 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb425c0-d1dc-4235-9df2-3ed6ad2b6af7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3245 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb425c0-d1dc-4235-9df2-3ed6ad2b6af7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3244 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb425c0-d1dc-4235-9df2-3ed6ad2b6af7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3243 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=feb425c0-d1dc-4235-9df2-3ed6ad2b6af7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAGIAYQBjAGsAdQBwACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3242 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=022223c9-dbfd-464a-85a0-8b3c59cd8b19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=89c2ffb6-995f-4694-b613-c5bb84548cb9
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3241 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=022223c9-dbfd-464a-85a0-8b3c59cd8b19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=89c2ffb6-995f-4694-b613-c5bb84548cb9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3240 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=022223c9-dbfd-464a-85a0-8b3c59cd8b19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3239 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=022223c9-dbfd-464a-85a0-8b3c59cd8b19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3238 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=022223c9-dbfd-464a-85a0-8b3c59cd8b19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3237 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=022223c9-dbfd-464a-85a0-8b3c59cd8b19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3236 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=022223c9-dbfd-464a-85a0-8b3c59cd8b19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3235 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=022223c9-dbfd-464a-85a0-8b3c59cd8b19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3234 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=022223c9-dbfd-464a-85a0-8b3c59cd8b19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3233 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=022223c9-dbfd-464a-85a0-8b3c59cd8b19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3232 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25212f80-0480-40dd-a50e-fa94554d4549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5d917291-1ed0-4ef7-a293-61add7673839
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3231 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25212f80-0480-40dd-a50e-fa94554d4549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3230 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25212f80-0480-40dd-a50e-fa94554d4549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3229 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25212f80-0480-40dd-a50e-fa94554d4549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3228 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25212f80-0480-40dd-a50e-fa94554d4549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3227 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25212f80-0480-40dd-a50e-fa94554d4549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3226 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25212f80-0480-40dd-a50e-fa94554d4549
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3225 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1695a8f-75ce-402f-af66-316d4e617bb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=caea0b86-148b-4368-adad-82564aa24446
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3224 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=03aa5ca0-eb01-4525-b132-f48f755cf32c
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3223 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=03aa5ca0-eb01-4525-b132-f48f755cf32c
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3222 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=03aa5ca0-eb01-4525-b132-f48f755cf32c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3221 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3220 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3219 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3218 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3217 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3216 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3215 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3214 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=36ae9145-e475-408d-b2a7-28094b42fc01
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3213 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1695a8f-75ce-402f-af66-316d4e617bb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=caea0b86-148b-4368-adad-82564aa24446
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3212 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1695a8f-75ce-402f-af66-316d4e617bb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3211 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1695a8f-75ce-402f-af66-316d4e617bb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3210 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1695a8f-75ce-402f-af66-316d4e617bb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3209 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1695a8f-75ce-402f-af66-316d4e617bb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3208 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1695a8f-75ce-402f-af66-316d4e617bb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3207 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1695a8f-75ce-402f-af66-316d4e617bb2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3206 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ca65281-74cd-4cc0-a499-a480a50a5b59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6e059532-d6c6-40cf-8eb9-10c90894461a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3205 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7db56e98-7bda-4260-a60d-1c1a7834b2a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=6599fb83-85df-41b0-96fc-2a80c2cf4fbc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3204 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7db56e98-7bda-4260-a60d-1c1a7834b2a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=6599fb83-85df-41b0-96fc-2a80c2cf4fbc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3203 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7db56e98-7bda-4260-a60d-1c1a7834b2a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3202 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7db56e98-7bda-4260-a60d-1c1a7834b2a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3201 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7db56e98-7bda-4260-a60d-1c1a7834b2a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3200 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7db56e98-7bda-4260-a60d-1c1a7834b2a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3199 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7db56e98-7bda-4260-a60d-1c1a7834b2a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3198 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7db56e98-7bda-4260-a60d-1c1a7834b2a2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABjAGkAbgBkAGUAcgAtAHYAbwBsAHUAbQBlACAAfAAgACUAewAkAF8ALgBTAHQAYQB0AHUAcwB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3197 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf7142a9-0b45-4070-85c9-96d796dedb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4226b157-8c36-4b4e-a477-1c095f0b67fb
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3196 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf7142a9-0b45-4070-85c9-96d796dedb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4226b157-8c36-4b4e-a477-1c095f0b67fb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3195 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf7142a9-0b45-4070-85c9-96d796dedb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3194 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf7142a9-0b45-4070-85c9-96d796dedb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3193 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf7142a9-0b45-4070-85c9-96d796dedb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3192 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf7142a9-0b45-4070-85c9-96d796dedb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3191 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf7142a9-0b45-4070-85c9-96d796dedb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3190 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf7142a9-0b45-4070-85c9-96d796dedb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3189 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf7142a9-0b45-4070-85c9-96d796dedb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3188 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf7142a9-0b45-4070-85c9-96d796dedb45
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3187 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ca65281-74cd-4cc0-a499-a480a50a5b59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6e059532-d6c6-40cf-8eb9-10c90894461a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3186 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ca65281-74cd-4cc0-a499-a480a50a5b59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3185 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ca65281-74cd-4cc0-a499-a480a50a5b59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3184 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ca65281-74cd-4cc0-a499-a480a50a5b59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3183 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ca65281-74cd-4cc0-a499-a480a50a5b59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3182 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ca65281-74cd-4cc0-a499-a480a50a5b59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3181 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ca65281-74cd-4cc0-a499-a480a50a5b59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3180 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a10868-ce53-49f1-b544-3c478089ab11
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d616bb88-01bf-4c0b-9a04-37979eaeaf93
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3179 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3e91dace-193d-4633-a346-4e2dbb315996
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3178 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3e91dace-193d-4633-a346-4e2dbb315996
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3177 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3e91dace-193d-4633-a346-4e2dbb315996
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3176 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3175 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3174 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3173 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3172 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3171 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3170 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3169 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6bc41f38-209e-4a3d-b687-6689e5d1b228
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3168 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a10868-ce53-49f1-b544-3c478089ab11
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d616bb88-01bf-4c0b-9a04-37979eaeaf93
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3167 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a10868-ce53-49f1-b544-3c478089ab11
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3166 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a10868-ce53-49f1-b544-3c478089ab11
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3165 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a10868-ce53-49f1-b544-3c478089ab11
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3164 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a10868-ce53-49f1-b544-3c478089ab11
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3163 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a10868-ce53-49f1-b544-3c478089ab11
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3162 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75a10868-ce53-49f1-b544-3c478089ab11
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3161 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=776e0513-d34c-4a99-9289-c0927f545974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2d8cf78e-afbf-4f34-b112-257b12a6f93d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3160 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75dadbce-b524-45fb-8f2a-0e6beadc8331
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=df4305aa-7a17-418d-89e4-78189d382a7b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3159 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75dadbce-b524-45fb-8f2a-0e6beadc8331
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=df4305aa-7a17-418d-89e4-78189d382a7b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3158 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75dadbce-b524-45fb-8f2a-0e6beadc8331
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3157 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75dadbce-b524-45fb-8f2a-0e6beadc8331
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3156 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75dadbce-b524-45fb-8f2a-0e6beadc8331
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3155 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75dadbce-b524-45fb-8f2a-0e6beadc8331
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3154 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75dadbce-b524-45fb-8f2a-0e6beadc8331
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3153 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=75dadbce-b524-45fb-8f2a-0e6beadc8331
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3152 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c5186334-9360-4d57-8490-426606f491be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a83315a7-0fa6-448f-8c2c-63527aec02bf
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3151 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c5186334-9360-4d57-8490-426606f491be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a83315a7-0fa6-448f-8c2c-63527aec02bf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3150 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c5186334-9360-4d57-8490-426606f491be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3149 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c5186334-9360-4d57-8490-426606f491be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3148 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c5186334-9360-4d57-8490-426606f491be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3147 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c5186334-9360-4d57-8490-426606f491be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3146 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c5186334-9360-4d57-8490-426606f491be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3145 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c5186334-9360-4d57-8490-426606f491be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3144 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c5186334-9360-4d57-8490-426606f491be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3143 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c5186334-9360-4d57-8490-426606f491be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3142 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=776e0513-d34c-4a99-9289-c0927f545974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2d8cf78e-afbf-4f34-b112-257b12a6f93d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3141 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=776e0513-d34c-4a99-9289-c0927f545974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3140 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=776e0513-d34c-4a99-9289-c0927f545974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3139 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=776e0513-d34c-4a99-9289-c0927f545974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3138 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=776e0513-d34c-4a99-9289-c0927f545974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3137 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=776e0513-d34c-4a99-9289-c0927f545974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3136 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=776e0513-d34c-4a99-9289-c0927f545974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3135 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb0845f7-2466-45ae-b22f-27f87139f3cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b095082-c3e9-4c8b-aef3-4e67a0c2ef83
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3134 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1f904f20-07be-4762-a932-90b549c7a092
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3133 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1f904f20-07be-4762-a932-90b549c7a092
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3132 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1f904f20-07be-4762-a932-90b549c7a092
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3131 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3130 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3129 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3128 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3127 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3126 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3125 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3124 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8fdcee75-afa0-4ec8-874c-f71a5231b3c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3123 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb0845f7-2466-45ae-b22f-27f87139f3cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b095082-c3e9-4c8b-aef3-4e67a0c2ef83
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3122 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb0845f7-2466-45ae-b22f-27f87139f3cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3121 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb0845f7-2466-45ae-b22f-27f87139f3cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3120 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb0845f7-2466-45ae-b22f-27f87139f3cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3119 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb0845f7-2466-45ae-b22f-27f87139f3cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3118 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb0845f7-2466-45ae-b22f-27f87139f3cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3117 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb0845f7-2466-45ae-b22f-27f87139f3cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3116 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=298a9eb2-2939-4286-9036-d71c5556c0d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8cea8d63-c5ea-4fb9-8628-0877ec4069f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3115 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da2ad31-0cde-492b-ad93-7350fcf7cc85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1a7c62e9-8978-44c7-a845-d97fc82e2c59
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3114 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:46:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da2ad31-0cde-492b-ad93-7350fcf7cc85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1a7c62e9-8978-44c7-a845-d97fc82e2c59
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3113 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da2ad31-0cde-492b-ad93-7350fcf7cc85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3112 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da2ad31-0cde-492b-ad93-7350fcf7cc85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3111 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da2ad31-0cde-492b-ad93-7350fcf7cc85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3110 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da2ad31-0cde-492b-ad93-7350fcf7cc85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3109 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da2ad31-0cde-492b-ad93-7350fcf7cc85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3108 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da2ad31-0cde-492b-ad93-7350fcf7cc85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3107 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da2ad31-0cde-492b-ad93-7350fcf7cc85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3106 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3da2ad31-0cde-492b-ad93-7350fcf7cc85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3105 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=298a9eb2-2939-4286-9036-d71c5556c0d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8cea8d63-c5ea-4fb9-8628-0877ec4069f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3104 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=298a9eb2-2939-4286-9036-d71c5556c0d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3103 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=298a9eb2-2939-4286-9036-d71c5556c0d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3102 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=298a9eb2-2939-4286-9036-d71c5556c0d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3101 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=298a9eb2-2939-4286-9036-d71c5556c0d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3100 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=298a9eb2-2939-4286-9036-d71c5556c0d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3099 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=298a9eb2-2939-4286-9036-d71c5556c0d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3098 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f725232-3168-4d24-be77-25476a1e9b13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=393ad875-e585-4e16-a9a9-49ef8ec6d952
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3097 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=217922ca-718e-473b-82ef-188b1135b49d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c6f1487c-d05b-4a33-9ee3-e37249bf6485
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3096 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=217922ca-718e-473b-82ef-188b1135b49d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3095 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=217922ca-718e-473b-82ef-188b1135b49d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3094 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=217922ca-718e-473b-82ef-188b1135b49d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3093 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=217922ca-718e-473b-82ef-188b1135b49d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3092 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=217922ca-718e-473b-82ef-188b1135b49d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3091 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=217922ca-718e-473b-82ef-188b1135b49d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3090 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=217922ca-718e-473b-82ef-188b1135b49d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3089 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=217922ca-718e-473b-82ef-188b1135b49d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3088 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f725232-3168-4d24-be77-25476a1e9b13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=393ad875-e585-4e16-a9a9-49ef8ec6d952
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3087 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f725232-3168-4d24-be77-25476a1e9b13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3086 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f725232-3168-4d24-be77-25476a1e9b13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3085 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f725232-3168-4d24-be77-25476a1e9b13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3084 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f725232-3168-4d24-be77-25476a1e9b13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3083 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f725232-3168-4d24-be77-25476a1e9b13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3082 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f725232-3168-4d24-be77-25476a1e9b13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3081 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0562699c-2cbf-40e8-b97a-2346c93d5e63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=787d9b75-18f7-4825-a4f0-8942ac0024a2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3080 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9087aeba-837d-4742-a9ef-c0ac05014ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=986f6996-0dad-4cb7-b5fb-c775be305665
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3079 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9087aeba-837d-4742-a9ef-c0ac05014ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3078 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9087aeba-837d-4742-a9ef-c0ac05014ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3077 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9087aeba-837d-4742-a9ef-c0ac05014ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3076 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9087aeba-837d-4742-a9ef-c0ac05014ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3075 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9087aeba-837d-4742-a9ef-c0ac05014ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3074 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9087aeba-837d-4742-a9ef-c0ac05014ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3073 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9087aeba-837d-4742-a9ef-c0ac05014ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3072 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9087aeba-837d-4742-a9ef-c0ac05014ca5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3071 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0562699c-2cbf-40e8-b97a-2346c93d5e63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=787d9b75-18f7-4825-a4f0-8942ac0024a2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3070 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0562699c-2cbf-40e8-b97a-2346c93d5e63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3069 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0562699c-2cbf-40e8-b97a-2346c93d5e63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3068 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0562699c-2cbf-40e8-b97a-2346c93d5e63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3067 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0562699c-2cbf-40e8-b97a-2346c93d5e63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3066 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0562699c-2cbf-40e8-b97a-2346c93d5e63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3065 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0562699c-2cbf-40e8-b97a-2346c93d5e63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3064 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d5f288f-512a-4ec4-8939-800ebd275a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a8bbd742-81a6-43ad-98d7-d8e02a9aab52
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3063 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b367f17-f606-4810-918d-30723def8bb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d9464707-b133-46fd-ad35-73ec6dfe31e9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3062 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b367f17-f606-4810-918d-30723def8bb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3061 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b367f17-f606-4810-918d-30723def8bb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3060 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b367f17-f606-4810-918d-30723def8bb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3059 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b367f17-f606-4810-918d-30723def8bb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3058 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b367f17-f606-4810-918d-30723def8bb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3057 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b367f17-f606-4810-918d-30723def8bb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3056 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b367f17-f606-4810-918d-30723def8bb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3055 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b367f17-f606-4810-918d-30723def8bb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3054 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d5f288f-512a-4ec4-8939-800ebd275a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a8bbd742-81a6-43ad-98d7-d8e02a9aab52
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3053 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d5f288f-512a-4ec4-8939-800ebd275a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3052 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d5f288f-512a-4ec4-8939-800ebd275a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3051 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d5f288f-512a-4ec4-8939-800ebd275a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3050 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d5f288f-512a-4ec4-8939-800ebd275a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3049 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d5f288f-512a-4ec4-8939-800ebd275a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3048 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d5f288f-512a-4ec4-8939-800ebd275a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3047 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9b67aa8-99ab-46bd-94d8-f505b222d524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=07f78133-5bd6-4e90-966a-26e85ed39b1c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3046 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=690891c4-cdd9-4290-9f92-a721ff9ade74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=273ec247-ce43-4deb-8369-f03504f4a9f3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3045 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=690891c4-cdd9-4290-9f92-a721ff9ade74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3044 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=690891c4-cdd9-4290-9f92-a721ff9ade74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3043 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=690891c4-cdd9-4290-9f92-a721ff9ade74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3042 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=690891c4-cdd9-4290-9f92-a721ff9ade74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3041 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=690891c4-cdd9-4290-9f92-a721ff9ade74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3040 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=690891c4-cdd9-4290-9f92-a721ff9ade74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3039 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=690891c4-cdd9-4290-9f92-a721ff9ade74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3038 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=690891c4-cdd9-4290-9f92-a721ff9ade74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3037 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9b67aa8-99ab-46bd-94d8-f505b222d524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=07f78133-5bd6-4e90-966a-26e85ed39b1c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3036 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9b67aa8-99ab-46bd-94d8-f505b222d524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3035 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9b67aa8-99ab-46bd-94d8-f505b222d524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3034 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9b67aa8-99ab-46bd-94d8-f505b222d524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3033 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9b67aa8-99ab-46bd-94d8-f505b222d524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3032 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9b67aa8-99ab-46bd-94d8-f505b222d524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3031 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9b67aa8-99ab-46bd-94d8-f505b222d524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3030 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=853acdd5-9dd6-4134-92b7-c06e057b057d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a545d9ac-e313-438c-90e3-4f8140e07fcc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3029 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff6c95b2-5fc8-471e-96df-d002e7ac90cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9dfb79fb-2fc1-4466-892a-71bb9a16a980
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3028 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff6c95b2-5fc8-471e-96df-d002e7ac90cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3027 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff6c95b2-5fc8-471e-96df-d002e7ac90cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3026 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff6c95b2-5fc8-471e-96df-d002e7ac90cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3025 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff6c95b2-5fc8-471e-96df-d002e7ac90cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3024 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff6c95b2-5fc8-471e-96df-d002e7ac90cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3023 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff6c95b2-5fc8-471e-96df-d002e7ac90cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3022 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff6c95b2-5fc8-471e-96df-d002e7ac90cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3021 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ff6c95b2-5fc8-471e-96df-d002e7ac90cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3020 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=853acdd5-9dd6-4134-92b7-c06e057b057d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a545d9ac-e313-438c-90e3-4f8140e07fcc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3019 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=853acdd5-9dd6-4134-92b7-c06e057b057d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3018 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=853acdd5-9dd6-4134-92b7-c06e057b057d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3017 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=853acdd5-9dd6-4134-92b7-c06e057b057d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3016 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=853acdd5-9dd6-4134-92b7-c06e057b057d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3015 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=853acdd5-9dd6-4134-92b7-c06e057b057d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3014 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=853acdd5-9dd6-4134-92b7-c06e057b057d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3013 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=34
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86bb440b-5fa8-481e-b2c8-8384bfde3649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=63421dba-e7aa-482a-acef-427d24565718
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3012 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ab3c732-ada0-4ac8-9065-d182ef62e3f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c8f440c5-2d45-496f-9afa-d3cac7a85adf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3011 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ab3c732-ada0-4ac8-9065-d182ef62e3f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3010 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ab3c732-ada0-4ac8-9065-d182ef62e3f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3009 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ab3c732-ada0-4ac8-9065-d182ef62e3f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3008 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ab3c732-ada0-4ac8-9065-d182ef62e3f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3007 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ab3c732-ada0-4ac8-9065-d182ef62e3f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3006 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ab3c732-ada0-4ac8-9065-d182ef62e3f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3005 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ab3c732-ada0-4ac8-9065-d182ef62e3f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3004 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3ab3c732-ada0-4ac8-9065-d182ef62e3f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3003 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86bb440b-5fa8-481e-b2c8-8384bfde3649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=63421dba-e7aa-482a-acef-427d24565718
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3002 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86bb440b-5fa8-481e-b2c8-8384bfde3649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3001 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86bb440b-5fa8-481e-b2c8-8384bfde3649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3000 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86bb440b-5fa8-481e-b2c8-8384bfde3649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2999 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86bb440b-5fa8-481e-b2c8-8384bfde3649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2998 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86bb440b-5fa8-481e-b2c8-8384bfde3649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2997 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86bb440b-5fa8-481e-b2c8-8384bfde3649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2996 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d177226e-ea1d-46d9-b906-8de43bcff88f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a003c068-d03e-4e48-9ec7-3c8816201c41
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2995 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9af73932-3ed5-49d1-8e6a-ccc604326610
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=471ff527-d73f-4d3b-b16d-b819773c056d
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2994 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9af73932-3ed5-49d1-8e6a-ccc604326610
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=471ff527-d73f-4d3b-b16d-b819773c056d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2993 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9af73932-3ed5-49d1-8e6a-ccc604326610
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2992 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9af73932-3ed5-49d1-8e6a-ccc604326610
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2991 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9af73932-3ed5-49d1-8e6a-ccc604326610
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2990 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9af73932-3ed5-49d1-8e6a-ccc604326610
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2989 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9af73932-3ed5-49d1-8e6a-ccc604326610
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2988 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9af73932-3ed5-49d1-8e6a-ccc604326610
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2987 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9af73932-3ed5-49d1-8e6a-ccc604326610
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2986 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9af73932-3ed5-49d1-8e6a-ccc604326610
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2985 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d177226e-ea1d-46d9-b906-8de43bcff88f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a003c068-d03e-4e48-9ec7-3c8816201c41
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2984 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d177226e-ea1d-46d9-b906-8de43bcff88f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2983 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d177226e-ea1d-46d9-b906-8de43bcff88f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2982 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d177226e-ea1d-46d9-b906-8de43bcff88f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2981 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d177226e-ea1d-46d9-b906-8de43bcff88f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2980 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d177226e-ea1d-46d9-b906-8de43bcff88f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2979 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d177226e-ea1d-46d9-b906-8de43bcff88f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2978 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:45:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c430f5-aefc-4faa-8cd0-49397266a78b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6abf444f-0b2c-4d58-a673-83c053ca95c3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2977 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b8aef86-b6c3-4562-b973-b71c83d24f0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0b6263d1-3a98-491c-ba11-dcd9ddf7b36e
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2976 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b8aef86-b6c3-4562-b973-b71c83d24f0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0b6263d1-3a98-491c-ba11-dcd9ddf7b36e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2975 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b8aef86-b6c3-4562-b973-b71c83d24f0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2974 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b8aef86-b6c3-4562-b973-b71c83d24f0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2973 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b8aef86-b6c3-4562-b973-b71c83d24f0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2972 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b8aef86-b6c3-4562-b973-b71c83d24f0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2971 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b8aef86-b6c3-4562-b973-b71c83d24f0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2970 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b8aef86-b6c3-4562-b973-b71c83d24f0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2969 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b8aef86-b6c3-4562-b973-b71c83d24f0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2968 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b8aef86-b6c3-4562-b973-b71c83d24f0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2967 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c430f5-aefc-4faa-8cd0-49397266a78b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6abf444f-0b2c-4d58-a673-83c053ca95c3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2966 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c430f5-aefc-4faa-8cd0-49397266a78b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2965 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c430f5-aefc-4faa-8cd0-49397266a78b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2964 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c430f5-aefc-4faa-8cd0-49397266a78b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2963 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c430f5-aefc-4faa-8cd0-49397266a78b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2962 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c430f5-aefc-4faa-8cd0-49397266a78b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2961 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=32c430f5-aefc-4faa-8cd0-49397266a78b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2960 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:44:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74679abf-fac4-4dfe-a1b6-a9eda7d00d3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=89d5f04c-eefb-42c3-9599-7a30155e5ab2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2959 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d80ae4f-a265-465e-bb96-fd87edfbb872
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=04e90de6-2517-493d-8572-fc486a0ef5c7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2958 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d80ae4f-a265-465e-bb96-fd87edfbb872
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2957 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d80ae4f-a265-465e-bb96-fd87edfbb872
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2956 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d80ae4f-a265-465e-bb96-fd87edfbb872
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2955 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d80ae4f-a265-465e-bb96-fd87edfbb872
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2954 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d80ae4f-a265-465e-bb96-fd87edfbb872
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2953 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d80ae4f-a265-465e-bb96-fd87edfbb872
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2952 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d80ae4f-a265-465e-bb96-fd87edfbb872
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2951 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d80ae4f-a265-465e-bb96-fd87edfbb872
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2950 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74679abf-fac4-4dfe-a1b6-a9eda7d00d3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=89d5f04c-eefb-42c3-9599-7a30155e5ab2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2949 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74679abf-fac4-4dfe-a1b6-a9eda7d00d3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2948 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74679abf-fac4-4dfe-a1b6-a9eda7d00d3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2947 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74679abf-fac4-4dfe-a1b6-a9eda7d00d3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2946 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74679abf-fac4-4dfe-a1b6-a9eda7d00d3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2945 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74679abf-fac4-4dfe-a1b6-a9eda7d00d3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2944 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=74679abf-fac4-4dfe-a1b6-a9eda7d00d3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2943 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=71cf84d5-fc6c-4538-bdf5-d31886e25725
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQA0AEEARABBAEEATQBBAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBPAFEAQQB5AEEARABRAEEATQBBAEEAeQBBAEQATQBBAE8AUQBBADMAQQBEAE0AQQBPAEEAQQB5AEEARABrAEEATwBBAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e55df73e-0648-4212-888e-16d4f06c3d69
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2942 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d2bec1a-6e5d-434e-866f-48ab5426fba5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=8a63f794-0b67-450f-9013-a38e010595b1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2941 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d2bec1a-6e5d-434e-866f-48ab5426fba5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=8a63f794-0b67-450f-9013-a38e010595b1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2940 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d2bec1a-6e5d-434e-866f-48ab5426fba5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2939 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d2bec1a-6e5d-434e-866f-48ab5426fba5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2938 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d2bec1a-6e5d-434e-866f-48ab5426fba5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2937 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d2bec1a-6e5d-434e-866f-48ab5426fba5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2936 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d2bec1a-6e5d-434e-866f-48ab5426fba5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2935 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d2bec1a-6e5d-434e-866f-48ab5426fba5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2934 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=71cf84d5-fc6c-4538-bdf5-d31886e25725
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQA0AEEARABBAEEATQBBAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBPAFEAQQB5AEEARABRAEEATQBBAEEAeQBBAEQATQBBAE8AUQBBADMAQQBEAE0AQQBPAEEAQQB5AEEARABrAEEATwBBAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e55df73e-0648-4212-888e-16d4f06c3d69
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2933 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=71cf84d5-fc6c-4538-bdf5-d31886e25725
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQA0AEEARABBAEEATQBBAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBPAFEAQQB5AEEARABRAEEATQBBAEEAeQBBAEQATQBBAE8AUQBBADMAQQBEAE0AQQBPAEEAQQB5AEEARABrAEEATwBBAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2932 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=71cf84d5-fc6c-4538-bdf5-d31886e25725
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQA0AEEARABBAEEATQBBAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBPAFEAQQB5AEEARABRAEEATQBBAEEAeQBBAEQATQBBAE8AUQBBADMAQQBEAE0AQQBPAEEAQQB5AEEARABrAEEATwBBAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2931 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=71cf84d5-fc6c-4538-bdf5-d31886e25725
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQA0AEEARABBAEEATQBBAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBPAFEAQQB5AEEARABRAEEATQBBAEEAeQBBAEQATQBBAE8AUQBBADMAQQBEAE0AQQBPAEEAQQB5AEEARABrAEEATwBBAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2930 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=71cf84d5-fc6c-4538-bdf5-d31886e25725
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQA0AEEARABBAEEATQBBAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBPAFEAQQB5AEEARABRAEEATQBBAEEAeQBBAEQATQBBAE8AUQBBADMAQQBEAE0AQQBPAEEAQQB5AEEARABrAEEATwBBAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2929 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=71cf84d5-fc6c-4538-bdf5-d31886e25725
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQA0AEEARABBAEEATQBBAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBPAFEAQQB5AEEARABRAEEATQBBAEEAeQBBAEQATQBBAE8AUQBBADMAQQBEAE0AQQBPAEEAQQB5AEEARABrAEEATwBBAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2928 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=71cf84d5-fc6c-4538-bdf5-d31886e25725
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQA0AEEARABBAEEATQBBAEEAdQBBAEQARQBBAE0AZwBBAHQAQQBEAEUAQQBPAFEAQQB5AEEARABRAEEATQBBAEEAeQBBAEQATQBBAE8AUQBBADMAQQBEAE0AQQBPAEEAQQB5AEEARABrAEEATwBBAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2927 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea1085c7-e7b9-4702-b600-73598fc64cc1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=18e4168b-83c0-49f7-92b0-f495d1c5bb62
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2926 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cd00ce51-b2e9-45d4-9dfc-d47ea3c16761
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c0dec66e-1dcf-444d-a544-c129197565c2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2925 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cd00ce51-b2e9-45d4-9dfc-d47ea3c16761
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2924 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cd00ce51-b2e9-45d4-9dfc-d47ea3c16761
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2923 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cd00ce51-b2e9-45d4-9dfc-d47ea3c16761
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2922 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cd00ce51-b2e9-45d4-9dfc-d47ea3c16761
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2921 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cd00ce51-b2e9-45d4-9dfc-d47ea3c16761
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2920 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cd00ce51-b2e9-45d4-9dfc-d47ea3c16761
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2919 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cd00ce51-b2e9-45d4-9dfc-d47ea3c16761
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2918 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cd00ce51-b2e9-45d4-9dfc-d47ea3c16761
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2917 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea1085c7-e7b9-4702-b600-73598fc64cc1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=18e4168b-83c0-49f7-92b0-f495d1c5bb62
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2916 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea1085c7-e7b9-4702-b600-73598fc64cc1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2915 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea1085c7-e7b9-4702-b600-73598fc64cc1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2914 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea1085c7-e7b9-4702-b600-73598fc64cc1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2913 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea1085c7-e7b9-4702-b600-73598fc64cc1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2912 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea1085c7-e7b9-4702-b600-73598fc64cc1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2911 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea1085c7-e7b9-4702-b600-73598fc64cc1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2910 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47eb34b3-4c3f-4899-9497-75b906973ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=96f593ac-73fe-4723-8493-6bf836321c7d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2909 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47eb34b3-4c3f-4899-9497-75b906973ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=96f593ac-73fe-4723-8493-6bf836321c7d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2908 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47eb34b3-4c3f-4899-9497-75b906973ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2907 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47eb34b3-4c3f-4899-9497-75b906973ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2906 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47eb34b3-4c3f-4899-9497-75b906973ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2905 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47eb34b3-4c3f-4899-9497-75b906973ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2904 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47eb34b3-4c3f-4899-9497-75b906973ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2903 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47eb34b3-4c3f-4899-9497-75b906973ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA4ADAAMAAuADEAMgAtADEAOQAyADQAMAAyADMAOQA3ADMAOAAyADkAOAA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2902 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf76d5b-c784-4103-9218-ae58bea663f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGcAQQBNAEEAQQB3AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBADUAQQBEAEkAQQBOAEEAQQB3AEEARABJAEEATQB3AEEANQBBAEQAYwBBAE0AdwBBADQAQQBEAEkAQQBPAFEAQQA0AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=f52f9277-368f-4dad-8104-12041ea13f5b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2901 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2700d11-90c1-42cb-a44f-115a4a0489e1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADgAMAAwAC4AMQAyAC0AMQA5ADIANAAwADIAMwA5ADcAMwA4ADIAOQA4ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=2b0f2f2c-1b40-4d62-8959-47f8fd5d83a7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2900 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2700d11-90c1-42cb-a44f-115a4a0489e1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADgAMAAwAC4AMQAyAC0AMQA5ADIANAAwADIAMwA5ADcAMwA4ADIAOQA4ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=2b0f2f2c-1b40-4d62-8959-47f8fd5d83a7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2899 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2700d11-90c1-42cb-a44f-115a4a0489e1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADgAMAAwAC4AMQAyAC0AMQA5ADIANAAwADIAMwA5ADcAMwA4ADIAOQA4ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2898 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2700d11-90c1-42cb-a44f-115a4a0489e1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADgAMAAwAC4AMQAyAC0AMQA5ADIANAAwADIAMwA5ADcAMwA4ADIAOQA4ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2897 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2700d11-90c1-42cb-a44f-115a4a0489e1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADgAMAAwAC4AMQAyAC0AMQA5ADIANAAwADIAMwA5ADcAMwA4ADIAOQA4ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2896 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2700d11-90c1-42cb-a44f-115a4a0489e1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADgAMAAwAC4AMQAyAC0AMQA5ADIANAAwADIAMwA5ADcAMwA4ADIAOQA4ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2895 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2700d11-90c1-42cb-a44f-115a4a0489e1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADgAMAAwAC4AMQAyAC0AMQA5ADIANAAwADIAMwA5ADcAMwA4ADIAOQA4ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2894 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2700d11-90c1-42cb-a44f-115a4a0489e1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADgAMAAwAC4AMQAyAC0AMQA5ADIANAAwADIAMwA5ADcAMwA4ADIAOQA4ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2893 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf76d5b-c784-4103-9218-ae58bea663f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGcAQQBNAEEAQQB3AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBADUAQQBEAEkAQQBOAEEAQQB3AEEARABJAEEATQB3AEEANQBBAEQAYwBBAE0AdwBBADQAQQBEAEkAQQBPAFEAQQA0AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=f52f9277-368f-4dad-8104-12041ea13f5b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2892 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf76d5b-c784-4103-9218-ae58bea663f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGcAQQBNAEEAQQB3AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBADUAQQBEAEkAQQBOAEEAQQB3AEEARABJAEEATQB3AEEANQBBAEQAYwBBAE0AdwBBADQAQQBEAEkAQQBPAFEAQQA0AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2891 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf76d5b-c784-4103-9218-ae58bea663f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGcAQQBNAEEAQQB3AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBADUAQQBEAEkAQQBOAEEAQQB3AEEARABJAEEATQB3AEEANQBBAEQAYwBBAE0AdwBBADQAQQBEAEkAQQBPAFEAQQA0AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2890 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf76d5b-c784-4103-9218-ae58bea663f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGcAQQBNAEEAQQB3AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBADUAQQBEAEkAQQBOAEEAQQB3AEEARABJAEEATQB3AEEANQBBAEQAYwBBAE0AdwBBADQAQQBEAEkAQQBPAFEAQQA0AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2889 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf76d5b-c784-4103-9218-ae58bea663f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGcAQQBNAEEAQQB3AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBADUAQQBEAEkAQQBOAEEAQQB3AEEARABJAEEATQB3AEEANQBBAEQAYwBBAE0AdwBBADQAQQBEAEkAQQBPAFEAQQA0AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2888 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf76d5b-c784-4103-9218-ae58bea663f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGcAQQBNAEEAQQB3AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBADUAQQBEAEkAQQBOAEEAQQB3AEEARABJAEEATQB3AEEANQBBAEQAYwBBAE0AdwBBADQAQQBEAEkAQQBPAFEAQQA0AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2887 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf76d5b-c784-4103-9218-ae58bea663f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGcAQQBNAEEAQQB3AEEAQwA0AEEATQBRAEEAeQBBAEMAMABBAE0AUQBBADUAQQBEAEkAQQBOAEEAQQB3AEEARABJAEEATQB3AEEANQBBAEQAYwBBAE0AdwBBADQAQQBEAEkAQQBPAFEAQQA0AEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2886 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98dd719-7c16-416b-bb3b-bc58e96820cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=70edda3d-7c65-4e22-9ef6-fc0a97d3f4dd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2885 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:40:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=acfb9cea-3cd1-40e2-ae0b-db7acba89516
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=40612436-a7ed-4832-bdcd-cbbd9e8dd484
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2884 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=acfb9cea-3cd1-40e2-ae0b-db7acba89516
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2883 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=acfb9cea-3cd1-40e2-ae0b-db7acba89516
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2882 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=acfb9cea-3cd1-40e2-ae0b-db7acba89516
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2881 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=acfb9cea-3cd1-40e2-ae0b-db7acba89516
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2880 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=acfb9cea-3cd1-40e2-ae0b-db7acba89516
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2879 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=acfb9cea-3cd1-40e2-ae0b-db7acba89516
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2878 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=acfb9cea-3cd1-40e2-ae0b-db7acba89516
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2877 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=acfb9cea-3cd1-40e2-ae0b-db7acba89516
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2876 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98dd719-7c16-416b-bb3b-bc58e96820cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=70edda3d-7c65-4e22-9ef6-fc0a97d3f4dd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2875 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98dd719-7c16-416b-bb3b-bc58e96820cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2874 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98dd719-7c16-416b-bb3b-bc58e96820cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2873 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98dd719-7c16-416b-bb3b-bc58e96820cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2872 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98dd719-7c16-416b-bb3b-bc58e96820cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2871 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98dd719-7c16-416b-bb3b-bc58e96820cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2870 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98dd719-7c16-416b-bb3b-bc58e96820cc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2869 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9530c1b1-1466-4feb-973f-db63d662d66e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6218e182-be57-4da7-91ff-39b5c91b0f47
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2868 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3333a-8d8d-41df-acf6-09b511fba402
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=2a0a9e80-6dbc-4df9-9d7f-78a792915ad8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2867 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3333a-8d8d-41df-acf6-09b511fba402
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=2a0a9e80-6dbc-4df9-9d7f-78a792915ad8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2866 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3333a-8d8d-41df-acf6-09b511fba402
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2865 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3333a-8d8d-41df-acf6-09b511fba402
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2864 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3333a-8d8d-41df-acf6-09b511fba402
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2863 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3333a-8d8d-41df-acf6-09b511fba402
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2862 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3333a-8d8d-41df-acf6-09b511fba402
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2861 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=41e3333a-8d8d-41df-acf6-09b511fba402
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2860 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b20eb30-40ef-45ba-9f25-adb937f0597c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=da06f3e5-0fb2-40da-9f3e-5ef4d1acda2f
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2859 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b20eb30-40ef-45ba-9f25-adb937f0597c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=da06f3e5-0fb2-40da-9f3e-5ef4d1acda2f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2858 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b20eb30-40ef-45ba-9f25-adb937f0597c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2857 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b20eb30-40ef-45ba-9f25-adb937f0597c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2856 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b20eb30-40ef-45ba-9f25-adb937f0597c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2855 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b20eb30-40ef-45ba-9f25-adb937f0597c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2854 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b20eb30-40ef-45ba-9f25-adb937f0597c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2853 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b20eb30-40ef-45ba-9f25-adb937f0597c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2852 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b20eb30-40ef-45ba-9f25-adb937f0597c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2851 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1b20eb30-40ef-45ba-9f25-adb937f0597c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2850 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9530c1b1-1466-4feb-973f-db63d662d66e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6218e182-be57-4da7-91ff-39b5c91b0f47
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2849 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9530c1b1-1466-4feb-973f-db63d662d66e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2848 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9530c1b1-1466-4feb-973f-db63d662d66e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2847 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9530c1b1-1466-4feb-973f-db63d662d66e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2846 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9530c1b1-1466-4feb-973f-db63d662d66e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2845 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9530c1b1-1466-4feb-973f-db63d662d66e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2844 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9530c1b1-1466-4feb-973f-db63d662d66e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2843 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e2a241a-12f2-440a-8590-481d790af6e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=361ee50a-72f1-4c43-b621-1c059d1a7c23
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2842 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd6e6663-6694-4db1-bdd2-8ea503bb5417
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=dcecbcf4-34c3-491a-ace2-55da82d0a03b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2841 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd6e6663-6694-4db1-bdd2-8ea503bb5417
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=dcecbcf4-34c3-491a-ace2-55da82d0a03b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2840 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd6e6663-6694-4db1-bdd2-8ea503bb5417
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2839 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd6e6663-6694-4db1-bdd2-8ea503bb5417
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2838 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd6e6663-6694-4db1-bdd2-8ea503bb5417
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2837 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd6e6663-6694-4db1-bdd2-8ea503bb5417
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2836 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd6e6663-6694-4db1-bdd2-8ea503bb5417
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2835 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd6e6663-6694-4db1-bdd2-8ea503bb5417
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2834 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=387ea20c-dd3c-4900-88c1-ee64921686d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=913cda4b-404c-417c-bced-f89130a407c0
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2833 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=387ea20c-dd3c-4900-88c1-ee64921686d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=913cda4b-404c-417c-bced-f89130a407c0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2832 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=387ea20c-dd3c-4900-88c1-ee64921686d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2831 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=387ea20c-dd3c-4900-88c1-ee64921686d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2830 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=387ea20c-dd3c-4900-88c1-ee64921686d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2829 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=387ea20c-dd3c-4900-88c1-ee64921686d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2828 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=387ea20c-dd3c-4900-88c1-ee64921686d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2827 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=387ea20c-dd3c-4900-88c1-ee64921686d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2826 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=387ea20c-dd3c-4900-88c1-ee64921686d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2825 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=387ea20c-dd3c-4900-88c1-ee64921686d3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2824 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e2a241a-12f2-440a-8590-481d790af6e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=361ee50a-72f1-4c43-b621-1c059d1a7c23
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2823 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e2a241a-12f2-440a-8590-481d790af6e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2822 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e2a241a-12f2-440a-8590-481d790af6e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2821 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e2a241a-12f2-440a-8590-481d790af6e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2820 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e2a241a-12f2-440a-8590-481d790af6e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2819 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e2a241a-12f2-440a-8590-481d790af6e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2818 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e2a241a-12f2-440a-8590-481d790af6e7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2817 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1d64575-fbed-41b7-b98b-3da8426ccc90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5394aeb7-ac35-4d72-b68c-d063ff00b2dc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2816 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d09891a-46d5-4e02-b20a-6c3329480d25
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=91a9f166-7e46-4393-9aef-ee3066735abd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2815 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d09891a-46d5-4e02-b20a-6c3329480d25
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=91a9f166-7e46-4393-9aef-ee3066735abd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2814 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d09891a-46d5-4e02-b20a-6c3329480d25
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2813 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d09891a-46d5-4e02-b20a-6c3329480d25
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2812 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d09891a-46d5-4e02-b20a-6c3329480d25
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2811 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d09891a-46d5-4e02-b20a-6c3329480d25
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2810 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d09891a-46d5-4e02-b20a-6c3329480d25
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2809 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5d09891a-46d5-4e02-b20a-6c3329480d25
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2808 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=23b0e5ae-ae98-4fea-9f87-746f8607cdc0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ad8f81f4-36d2-44ca-876f-1b27011e352c
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2807 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=23b0e5ae-ae98-4fea-9f87-746f8607cdc0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ad8f81f4-36d2-44ca-876f-1b27011e352c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2806 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=23b0e5ae-ae98-4fea-9f87-746f8607cdc0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2805 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=23b0e5ae-ae98-4fea-9f87-746f8607cdc0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2804 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=23b0e5ae-ae98-4fea-9f87-746f8607cdc0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2803 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=23b0e5ae-ae98-4fea-9f87-746f8607cdc0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2802 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=23b0e5ae-ae98-4fea-9f87-746f8607cdc0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2801 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=23b0e5ae-ae98-4fea-9f87-746f8607cdc0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2800 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=23b0e5ae-ae98-4fea-9f87-746f8607cdc0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2799 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=23b0e5ae-ae98-4fea-9f87-746f8607cdc0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2798 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1d64575-fbed-41b7-b98b-3da8426ccc90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5394aeb7-ac35-4d72-b68c-d063ff00b2dc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2797 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1d64575-fbed-41b7-b98b-3da8426ccc90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2796 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1d64575-fbed-41b7-b98b-3da8426ccc90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2795 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1d64575-fbed-41b7-b98b-3da8426ccc90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2794 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1d64575-fbed-41b7-b98b-3da8426ccc90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2793 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1d64575-fbed-41b7-b98b-3da8426ccc90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2792 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c1d64575-fbed-41b7-b98b-3da8426ccc90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2791 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96cd56b2-6bee-4f75-b857-a9e11c47536e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABVAEEATQBRAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEANABBAEQAWQBBAE8AUQBBADIAQQBEAGMAQQBOAEEAQQAzAEEARABZAEEATQBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=da89f042-e682-4658-bd28-a2e1d76a9580
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2790 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0c041be-3a93-412c-9879-3295b2e042f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=397896a3-e475-46a7-9dfb-4898253b7de8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2789 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0c041be-3a93-412c-9879-3295b2e042f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=397896a3-e475-46a7-9dfb-4898253b7de8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2788 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0c041be-3a93-412c-9879-3295b2e042f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2787 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0c041be-3a93-412c-9879-3295b2e042f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2786 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0c041be-3a93-412c-9879-3295b2e042f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2785 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0c041be-3a93-412c-9879-3295b2e042f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2784 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0c041be-3a93-412c-9879-3295b2e042f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2783 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0c041be-3a93-412c-9879-3295b2e042f6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2782 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96cd56b2-6bee-4f75-b857-a9e11c47536e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABVAEEATQBRAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEANABBAEQAWQBBAE8AUQBBADIAQQBEAGMAQQBOAEEAQQAzAEEARABZAEEATQBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=da89f042-e682-4658-bd28-a2e1d76a9580
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2781 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96cd56b2-6bee-4f75-b857-a9e11c47536e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABVAEEATQBRAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEANABBAEQAWQBBAE8AUQBBADIAQQBEAGMAQQBOAEEAQQAzAEEARABZAEEATQBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2780 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96cd56b2-6bee-4f75-b857-a9e11c47536e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABVAEEATQBRAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEANABBAEQAWQBBAE8AUQBBADIAQQBEAGMAQQBOAEEAQQAzAEEARABZAEEATQBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2779 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96cd56b2-6bee-4f75-b857-a9e11c47536e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABVAEEATQBRAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEANABBAEQAWQBBAE8AUQBBADIAQQBEAGMAQQBOAEEAQQAzAEEARABZAEEATQBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2778 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96cd56b2-6bee-4f75-b857-a9e11c47536e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABVAEEATQBRAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEANABBAEQAWQBBAE8AUQBBADIAQQBEAGMAQQBOAEEAQQAzAEEARABZAEEATQBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2777 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96cd56b2-6bee-4f75-b857-a9e11c47536e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABVAEEATQBRAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEANABBAEQAWQBBAE8AUQBBADIAQQBEAGMAQQBOAEEAQQAzAEEARABZAEEATQBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2776 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96cd56b2-6bee-4f75-b857-a9e11c47536e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABVAEEATQBRAEEAdQBBAEQAQQBBAE8AUQBBAHQAQQBEAEkAQQBOAHcAQQB6AEEARABFAEEATQBBAEEANABBAEQAWQBBAE8AUQBBADIAQQBEAGMAQQBOAEEAQQAzAEEARABZAEEATQBnAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2775 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80d311a7-8cfd-4b97-81a2-a92a95ad1f52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=20bd3031-2966-4e4f-936e-b86e3d2676a5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2774 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89d075a1-cbce-44c6-9ef8-4252687346f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a0eef547-d7f5-4721-ba49-2f57f2bce74b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2773 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89d075a1-cbce-44c6-9ef8-4252687346f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2772 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89d075a1-cbce-44c6-9ef8-4252687346f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2771 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89d075a1-cbce-44c6-9ef8-4252687346f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2770 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89d075a1-cbce-44c6-9ef8-4252687346f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2769 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89d075a1-cbce-44c6-9ef8-4252687346f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2768 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89d075a1-cbce-44c6-9ef8-4252687346f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2767 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89d075a1-cbce-44c6-9ef8-4252687346f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2766 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89d075a1-cbce-44c6-9ef8-4252687346f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2765 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80d311a7-8cfd-4b97-81a2-a92a95ad1f52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=20bd3031-2966-4e4f-936e-b86e3d2676a5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2764 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80d311a7-8cfd-4b97-81a2-a92a95ad1f52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2763 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80d311a7-8cfd-4b97-81a2-a92a95ad1f52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2762 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80d311a7-8cfd-4b97-81a2-a92a95ad1f52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2761 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80d311a7-8cfd-4b97-81a2-a92a95ad1f52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2760 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80d311a7-8cfd-4b97-81a2-a92a95ad1f52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2759 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80d311a7-8cfd-4b97-81a2-a92a95ad1f52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2758 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5912f154-3ef0-42d8-8859-7c542ce90b4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=a8db6e3f-6eed-4d46-8f01-7ef2c1facb3a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2757 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5912f154-3ef0-42d8-8859-7c542ce90b4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=a8db6e3f-6eed-4d46-8f01-7ef2c1facb3a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2756 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5912f154-3ef0-42d8-8859-7c542ce90b4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2755 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5912f154-3ef0-42d8-8859-7c542ce90b4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2754 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5912f154-3ef0-42d8-8859-7c542ce90b4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2753 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5912f154-3ef0-42d8-8859-7c542ce90b4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2752 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5912f154-3ef0-42d8-8859-7c542ce90b4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2751 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5912f154-3ef0-42d8-8859-7c542ce90b4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADUAMQAuADAAOQAtADIANwAzADEAMAA4ADYAOQA2ADcANAA3ADYAMgAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2750 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=759885e8-7a52-4fa0-b2b6-a55f6df6dbaa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBOAFEAQQB4AEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABnAEEATgBnAEEANQBBAEQAWQBBAE4AdwBBADAAQQBEAGMAQQBOAGcAQQB5AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=cb488b52-c7a0-4ea8-9a47-a234b9570fb9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2749 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e427b5e-8fac-495a-a6b5-97a2a395e934
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcANQAxAC4AMAA5AC0AMgA3ADMAMQAwADgANgA5ADYANwA0ADcANgAyADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=c26c023e-9de2-4247-957a-bf95e28f914a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2748 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e427b5e-8fac-495a-a6b5-97a2a395e934
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcANQAxAC4AMAA5AC0AMgA3ADMAMQAwADgANgA5ADYANwA0ADcANgAyADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=c26c023e-9de2-4247-957a-bf95e28f914a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2747 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e427b5e-8fac-495a-a6b5-97a2a395e934
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcANQAxAC4AMAA5AC0AMgA3ADMAMQAwADgANgA5ADYANwA0ADcANgAyADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2746 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e427b5e-8fac-495a-a6b5-97a2a395e934
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcANQAxAC4AMAA5AC0AMgA3ADMAMQAwADgANgA5ADYANwA0ADcANgAyADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2745 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e427b5e-8fac-495a-a6b5-97a2a395e934
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcANQAxAC4AMAA5AC0AMgA3ADMAMQAwADgANgA5ADYANwA0ADcANgAyADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2744 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e427b5e-8fac-495a-a6b5-97a2a395e934
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcANQAxAC4AMAA5AC0AMgA3ADMAMQAwADgANgA5ADYANwA0ADcANgAyADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2743 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e427b5e-8fac-495a-a6b5-97a2a395e934
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcANQAxAC4AMAA5AC0AMgA3ADMAMQAwADgANgA5ADYANwA0ADcANgAyADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2742 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e427b5e-8fac-495a-a6b5-97a2a395e934
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcANQAxAC4AMAA5AC0AMgA3ADMAMQAwADgANgA5ADYANwA0ADcANgAyADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2741 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=759885e8-7a52-4fa0-b2b6-a55f6df6dbaa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBOAFEAQQB4AEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABnAEEATgBnAEEANQBBAEQAWQBBAE4AdwBBADAAQQBEAGMAQQBOAGcAQQB5AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=cb488b52-c7a0-4ea8-9a47-a234b9570fb9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2740 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=759885e8-7a52-4fa0-b2b6-a55f6df6dbaa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBOAFEAQQB4AEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABnAEEATgBnAEEANQBBAEQAWQBBAE4AdwBBADAAQQBEAGMAQQBOAGcAQQB5AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2739 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=759885e8-7a52-4fa0-b2b6-a55f6df6dbaa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBOAFEAQQB4AEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABnAEEATgBnAEEANQBBAEQAWQBBAE4AdwBBADAAQQBEAGMAQQBOAGcAQQB5AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2738 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=759885e8-7a52-4fa0-b2b6-a55f6df6dbaa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBOAFEAQQB4AEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABnAEEATgBnAEEANQBBAEQAWQBBAE4AdwBBADAAQQBEAGMAQQBOAGcAQQB5AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2737 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=759885e8-7a52-4fa0-b2b6-a55f6df6dbaa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBOAFEAQQB4AEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABnAEEATgBnAEEANQBBAEQAWQBBAE4AdwBBADAAQQBEAGMAQQBOAGcAQQB5AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2736 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=759885e8-7a52-4fa0-b2b6-a55f6df6dbaa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBOAFEAQQB4AEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABnAEEATgBnAEEANQBBAEQAWQBBAE4AdwBBADAAQQBEAGMAQQBOAGcAQQB5AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2735 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=759885e8-7a52-4fa0-b2b6-a55f6df6dbaa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBOAFEAQQB4AEEAQwA0AEEATQBBAEEANQBBAEMAMABBAE0AZwBBADMAQQBEAE0AQQBNAFEAQQB3AEEARABnAEEATgBnAEEANQBBAEQAWQBBAE4AdwBBADAAQQBEAGMAQQBOAGcAQQB5AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2734 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df9ad8aa-b5f6-4d53-92a1-04a80b0d421d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=df87ad8d-e902-48d6-bb10-047f543fd3e5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2733 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=230cbaf1-5f60-4168-86e9-541300a722b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0cbb482c-0cae-4d51-abda-b8ad45ad0f24
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2732 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=230cbaf1-5f60-4168-86e9-541300a722b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2731 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=230cbaf1-5f60-4168-86e9-541300a722b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2730 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=230cbaf1-5f60-4168-86e9-541300a722b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2729 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=230cbaf1-5f60-4168-86e9-541300a722b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2728 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=230cbaf1-5f60-4168-86e9-541300a722b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2727 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=230cbaf1-5f60-4168-86e9-541300a722b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2726 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=230cbaf1-5f60-4168-86e9-541300a722b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2725 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=230cbaf1-5f60-4168-86e9-541300a722b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2724 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df9ad8aa-b5f6-4d53-92a1-04a80b0d421d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=df87ad8d-e902-48d6-bb10-047f543fd3e5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2723 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df9ad8aa-b5f6-4d53-92a1-04a80b0d421d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2722 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df9ad8aa-b5f6-4d53-92a1-04a80b0d421d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2721 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df9ad8aa-b5f6-4d53-92a1-04a80b0d421d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2720 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df9ad8aa-b5f6-4d53-92a1-04a80b0d421d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2719 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df9ad8aa-b5f6-4d53-92a1-04a80b0d421d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2718 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=df9ad8aa-b5f6-4d53-92a1-04a80b0d421d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2717 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d42da761-d105-4e3e-a61f-5b2214bfa6f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7bb09bb0-addf-4c49-aafd-15000635225d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2716 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5187b4d7-be8d-449a-bc7b-c857c5a1307d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=5.1.14393.1944
RunspaceId=d7230fb2-142a-493a-abc8-bae9790958ed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2715 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:39:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5187b4d7-be8d-449a-bc7b-c857c5a1307d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=5.1.14393.1944
RunspaceId=d7230fb2-142a-493a-abc8-bae9790958ed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2714 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5187b4d7-be8d-449a-bc7b-c857c5a1307d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2713 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5187b4d7-be8d-449a-bc7b-c857c5a1307d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2712 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5187b4d7-be8d-449a-bc7b-c857c5a1307d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2711 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5187b4d7-be8d-449a-bc7b-c857c5a1307d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2710 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5187b4d7-be8d-449a-bc7b-c857c5a1307d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2709 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5187b4d7-be8d-449a-bc7b-c857c5a1307d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2708 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:56 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=82468d9f-39be-4de6-9008-a388e8ec87ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1b5ad63b-c6bc-4c03-b74f-8f5ffe533fbf
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2707 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=82468d9f-39be-4de6-9008-a388e8ec87ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1b5ad63b-c6bc-4c03-b74f-8f5ffe533fbf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2706 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=82468d9f-39be-4de6-9008-a388e8ec87ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2705 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=82468d9f-39be-4de6-9008-a388e8ec87ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2704 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=82468d9f-39be-4de6-9008-a388e8ec87ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2703 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=82468d9f-39be-4de6-9008-a388e8ec87ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2702 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=82468d9f-39be-4de6-9008-a388e8ec87ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2701 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=82468d9f-39be-4de6-9008-a388e8ec87ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2700 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=82468d9f-39be-4de6-9008-a388e8ec87ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2699 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=82468d9f-39be-4de6-9008-a388e8ec87ef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2698 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d42da761-d105-4e3e-a61f-5b2214bfa6f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7bb09bb0-addf-4c49-aafd-15000635225d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2697 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d42da761-d105-4e3e-a61f-5b2214bfa6f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2696 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d42da761-d105-4e3e-a61f-5b2214bfa6f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2695 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d42da761-d105-4e3e-a61f-5b2214bfa6f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2694 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d42da761-d105-4e3e-a61f-5b2214bfa6f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2693 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d42da761-d105-4e3e-a61f-5b2214bfa6f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2692 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d42da761-d105-4e3e-a61f-5b2214bfa6f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2691 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7621f86-121b-432f-b7eb-be5ea602706e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f34168c-f4de-454f-9384-cbd3b672d82c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2690 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d11f5ec-86dc-4fa4-b9b0-5ceafcbf7ae3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=426fb55d-9cee-4a47-a2fc-e1380e5da624
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2689 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d11f5ec-86dc-4fa4-b9b0-5ceafcbf7ae3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=426fb55d-9cee-4a47-a2fc-e1380e5da624
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2688 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d11f5ec-86dc-4fa4-b9b0-5ceafcbf7ae3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2687 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d11f5ec-86dc-4fa4-b9b0-5ceafcbf7ae3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2686 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d11f5ec-86dc-4fa4-b9b0-5ceafcbf7ae3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2685 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d11f5ec-86dc-4fa4-b9b0-5ceafcbf7ae3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2684 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d11f5ec-86dc-4fa4-b9b0-5ceafcbf7ae3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2683 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d11f5ec-86dc-4fa4-b9b0-5ceafcbf7ae3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2682 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0520ae72-d9ba-4f41-818f-5270b2eb4837
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a900f197-271b-4928-a287-94802e2f0f72
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2681 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:52 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0520ae72-d9ba-4f41-818f-5270b2eb4837
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a900f197-271b-4928-a287-94802e2f0f72
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2680 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0520ae72-d9ba-4f41-818f-5270b2eb4837
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2679 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0520ae72-d9ba-4f41-818f-5270b2eb4837
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2678 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0520ae72-d9ba-4f41-818f-5270b2eb4837
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2677 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0520ae72-d9ba-4f41-818f-5270b2eb4837
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2676 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0520ae72-d9ba-4f41-818f-5270b2eb4837
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2675 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0520ae72-d9ba-4f41-818f-5270b2eb4837
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2674 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0520ae72-d9ba-4f41-818f-5270b2eb4837
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2673 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0520ae72-d9ba-4f41-818f-5270b2eb4837
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2672 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:51 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7621f86-121b-432f-b7eb-be5ea602706e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f34168c-f4de-454f-9384-cbd3b672d82c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2671 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7621f86-121b-432f-b7eb-be5ea602706e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2670 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7621f86-121b-432f-b7eb-be5ea602706e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2669 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7621f86-121b-432f-b7eb-be5ea602706e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2668 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7621f86-121b-432f-b7eb-be5ea602706e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2667 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7621f86-121b-432f-b7eb-be5ea602706e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2666 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7621f86-121b-432f-b7eb-be5ea602706e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2665 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:50 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eff5fca-9d98-419e-bf1a-74cef38520f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=724d12de-729c-421f-b7a0-476a690cb141
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2664 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd357710-83b5-4888-8249-696e454ab722
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=e9376b17-8f5d-4644-a0b9-fd7a48ceb719
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2663 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd357710-83b5-4888-8249-696e454ab722
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=e9376b17-8f5d-4644-a0b9-fd7a48ceb719
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2662 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd357710-83b5-4888-8249-696e454ab722
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2661 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd357710-83b5-4888-8249-696e454ab722
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2660 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd357710-83b5-4888-8249-696e454ab722
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2659 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd357710-83b5-4888-8249-696e454ab722
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2658 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd357710-83b5-4888-8249-696e454ab722
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2657 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd357710-83b5-4888-8249-696e454ab722
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2656 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5f0cb9b-aa03-45df-ac71-1b09425c967a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=148ef616-36d8-44b9-97e9-9f5d7c9ead1e
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2655 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5f0cb9b-aa03-45df-ac71-1b09425c967a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=148ef616-36d8-44b9-97e9-9f5d7c9ead1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2654 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5f0cb9b-aa03-45df-ac71-1b09425c967a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2653 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5f0cb9b-aa03-45df-ac71-1b09425c967a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2652 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5f0cb9b-aa03-45df-ac71-1b09425c967a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2651 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5f0cb9b-aa03-45df-ac71-1b09425c967a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2650 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5f0cb9b-aa03-45df-ac71-1b09425c967a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2649 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5f0cb9b-aa03-45df-ac71-1b09425c967a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2648 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5f0cb9b-aa03-45df-ac71-1b09425c967a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2647 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d5f0cb9b-aa03-45df-ac71-1b09425c967a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2646 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eff5fca-9d98-419e-bf1a-74cef38520f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=724d12de-729c-421f-b7a0-476a690cb141
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2645 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eff5fca-9d98-419e-bf1a-74cef38520f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2644 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eff5fca-9d98-419e-bf1a-74cef38520f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2643 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eff5fca-9d98-419e-bf1a-74cef38520f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2642 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eff5fca-9d98-419e-bf1a-74cef38520f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2641 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eff5fca-9d98-419e-bf1a-74cef38520f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2640 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5eff5fca-9d98-419e-bf1a-74cef38520f1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2639 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8ebfe42-c6dd-47ea-b4ff-018dc978cb19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABJAEEATgBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABRAEEATwBRAEEAegBBAEQAawBBAE8AUQBBAHgAQQBEAGcAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=0c91295a-558e-47cf-aa10-a7d562dea9d0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2638 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b10a5798-cec7-4044-9c7b-ab9e7d1ff3b7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=11732f2b-dc61-4fbf-a05e-d5b912b51818
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2637 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b10a5798-cec7-4044-9c7b-ab9e7d1ff3b7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=11732f2b-dc61-4fbf-a05e-d5b912b51818
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2636 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b10a5798-cec7-4044-9c7b-ab9e7d1ff3b7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2635 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b10a5798-cec7-4044-9c7b-ab9e7d1ff3b7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2634 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b10a5798-cec7-4044-9c7b-ab9e7d1ff3b7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2633 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b10a5798-cec7-4044-9c7b-ab9e7d1ff3b7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2632 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b10a5798-cec7-4044-9c7b-ab9e7d1ff3b7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2631 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b10a5798-cec7-4044-9c7b-ab9e7d1ff3b7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2630 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8ebfe42-c6dd-47ea-b4ff-018dc978cb19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABJAEEATgBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABRAEEATwBRAEEAegBBAEQAawBBAE8AUQBBAHgAQQBEAGcAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=0c91295a-558e-47cf-aa10-a7d562dea9d0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2629 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8ebfe42-c6dd-47ea-b4ff-018dc978cb19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABJAEEATgBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABRAEEATwBRAEEAegBBAEQAawBBAE8AUQBBAHgAQQBEAGcAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2628 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8ebfe42-c6dd-47ea-b4ff-018dc978cb19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABJAEEATgBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABRAEEATwBRAEEAegBBAEQAawBBAE8AUQBBAHgAQQBEAGcAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2627 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8ebfe42-c6dd-47ea-b4ff-018dc978cb19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABJAEEATgBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABRAEEATwBRAEEAegBBAEQAawBBAE8AUQBBAHgAQQBEAGcAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2626 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8ebfe42-c6dd-47ea-b4ff-018dc978cb19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABJAEEATgBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABRAEEATwBRAEEAegBBAEQAawBBAE8AUQBBAHgAQQBEAGcAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2625 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8ebfe42-c6dd-47ea-b4ff-018dc978cb19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABJAEEATgBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABRAEEATwBRAEEAegBBAEQAawBBAE8AUQBBAHgAQQBEAGcAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2624 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e8ebfe42-c6dd-47ea-b4ff-018dc978cb19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAzAEEARABJAEEATgBBAEEAdQBBAEQAVQBBAE4AZwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABRAEEATwBRAEEAegBBAEQAawBBAE8AUQBBAHgAQQBEAGcAQQBPAEEAQQAzAEEARABrAEEATgB3AEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2623 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2affcd8-2cec-47b0-a84a-9358f5cc419c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8f65c43f-4415-47ae-a2a7-9339c14d7cbc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2622 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f099e5b7-7cce-4172-9596-18c825ffa1f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7e88ad9e-6f80-4cd0-91d6-ead223453d30
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2621 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f099e5b7-7cce-4172-9596-18c825ffa1f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2620 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f099e5b7-7cce-4172-9596-18c825ffa1f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2619 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f099e5b7-7cce-4172-9596-18c825ffa1f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2618 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f099e5b7-7cce-4172-9596-18c825ffa1f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2617 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f099e5b7-7cce-4172-9596-18c825ffa1f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2616 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f099e5b7-7cce-4172-9596-18c825ffa1f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2615 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f099e5b7-7cce-4172-9596-18c825ffa1f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2614 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f099e5b7-7cce-4172-9596-18c825ffa1f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2613 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2affcd8-2cec-47b0-a84a-9358f5cc419c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8f65c43f-4415-47ae-a2a7-9339c14d7cbc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2612 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2affcd8-2cec-47b0-a84a-9358f5cc419c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2611 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2affcd8-2cec-47b0-a84a-9358f5cc419c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2610 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2affcd8-2cec-47b0-a84a-9358f5cc419c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2609 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2affcd8-2cec-47b0-a84a-9358f5cc419c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2608 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2affcd8-2cec-47b0-a84a-9358f5cc419c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2607 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2affcd8-2cec-47b0-a84a-9358f5cc419c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2606 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4ccdded-52e2-4f98-b921-c865593a6052
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=6d921a0a-aad1-49c4-abee-34a731216fae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2605 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4ccdded-52e2-4f98-b921-c865593a6052
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=6d921a0a-aad1-49c4-abee-34a731216fae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2604 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4ccdded-52e2-4f98-b921-c865593a6052
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2603 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4ccdded-52e2-4f98-b921-c865593a6052
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2602 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4ccdded-52e2-4f98-b921-c865593a6052
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2601 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4ccdded-52e2-4f98-b921-c865593a6052
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2600 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4ccdded-52e2-4f98-b921-c865593a6052
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2599 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4ccdded-52e2-4f98-b921-c865593a6052
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA3ADIANAAuADUANgAtADIAMQA2ADQAOQAzADkAOQAxADgAOAA3ADkANwA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2598 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f4c0431-e903-4687-bef1-e4004e07939b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBNAGcAQQAwAEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBOAEEAQQA1AEEARABNAEEATwBRAEEANQBBAEQARQBBAE8AQQBBADQAQQBEAGMAQQBPAFEAQQAzAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=83b89e1b-6b4d-4578-9c60-649d03b69c89
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2597 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfe72d2d-95fd-401a-b73b-5c7ffff27ab6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcAMgA0AC4ANQA2AC0AMgAxADYANAA5ADMAOQA5ADEAOAA4ADcAOQA3ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=5169e80e-81cc-47ac-8415-aea9bd7cd45b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2596 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfe72d2d-95fd-401a-b73b-5c7ffff27ab6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcAMgA0AC4ANQA2AC0AMgAxADYANAA5ADMAOQA5ADEAOAA4ADcAOQA3ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=5169e80e-81cc-47ac-8415-aea9bd7cd45b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2595 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfe72d2d-95fd-401a-b73b-5c7ffff27ab6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcAMgA0AC4ANQA2AC0AMgAxADYANAA5ADMAOQA5ADEAOAA4ADcAOQA3ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2594 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfe72d2d-95fd-401a-b73b-5c7ffff27ab6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcAMgA0AC4ANQA2AC0AMgAxADYANAA5ADMAOQA5ADEAOAA4ADcAOQA3ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2593 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfe72d2d-95fd-401a-b73b-5c7ffff27ab6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcAMgA0AC4ANQA2AC0AMgAxADYANAA5ADMAOQA5ADEAOAA4ADcAOQA3ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2592 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfe72d2d-95fd-401a-b73b-5c7ffff27ab6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcAMgA0AC4ANQA2AC0AMgAxADYANAA5ADMAOQA5ADEAOAA4ADcAOQA3ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2591 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfe72d2d-95fd-401a-b73b-5c7ffff27ab6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcAMgA0AC4ANQA2AC0AMgAxADYANAA5ADMAOQA5ADEAOAA4ADcAOQA3ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2590 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfe72d2d-95fd-401a-b73b-5c7ffff27ab6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADcAMgA0AC4ANQA2AC0AMgAxADYANAA5ADMAOQA5ADEAOAA4ADcAOQA3ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2589 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f4c0431-e903-4687-bef1-e4004e07939b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBNAGcAQQAwAEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBOAEEAQQA1AEEARABNAEEATwBRAEEANQBBAEQARQBBAE8AQQBBADQAQQBEAGMAQQBPAFEAQQAzAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=83b89e1b-6b4d-4578-9c60-649d03b69c89
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2588 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f4c0431-e903-4687-bef1-e4004e07939b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBNAGcAQQAwAEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBOAEEAQQA1AEEARABNAEEATwBRAEEANQBBAEQARQBBAE8AQQBBADQAQQBEAGMAQQBPAFEAQQAzAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2587 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f4c0431-e903-4687-bef1-e4004e07939b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBNAGcAQQAwAEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBOAEEAQQA1AEEARABNAEEATwBRAEEANQBBAEQARQBBAE8AQQBBADQAQQBEAGMAQQBPAFEAQQAzAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2586 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f4c0431-e903-4687-bef1-e4004e07939b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBNAGcAQQAwAEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBOAEEAQQA1AEEARABNAEEATwBRAEEANQBBAEQARQBBAE8AQQBBADQAQQBEAGMAQQBPAFEAQQAzAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2585 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f4c0431-e903-4687-bef1-e4004e07939b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBNAGcAQQAwAEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBOAEEAQQA1AEEARABNAEEATwBRAEEANQBBAEQARQBBAE8AQQBBADQAQQBEAGMAQQBPAFEAQQAzAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2584 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f4c0431-e903-4687-bef1-e4004e07939b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBNAGcAQQAwAEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBOAEEAQQA1AEEARABNAEEATwBRAEEANQBBAEQARQBBAE8AQQBBADQAQQBEAGMAQQBPAFEAQQAzAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2583 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7f4c0431-e903-4687-bef1-e4004e07939b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAGMAQQBNAGcAQQAwAEEAQwA0AEEATgBRAEEAMgBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBOAEEAQQA1AEEARABNAEEATwBRAEEANQBBAEQARQBBAE8AQQBBADQAQQBEAGMAQQBPAFEAQQAzAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2582 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5cbabd3e-69b9-4288-a158-589fdbc52df8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=88d6ef8d-5efc-403e-b266-b5795bdfc103
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2581 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba421179-a4d3-4ca6-a8b9-176c4e9c98fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a8b687fe-9b52-421a-a64b-84d08897a737
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2580 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba421179-a4d3-4ca6-a8b9-176c4e9c98fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2579 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba421179-a4d3-4ca6-a8b9-176c4e9c98fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2578 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba421179-a4d3-4ca6-a8b9-176c4e9c98fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2577 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba421179-a4d3-4ca6-a8b9-176c4e9c98fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2576 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba421179-a4d3-4ca6-a8b9-176c4e9c98fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2575 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba421179-a4d3-4ca6-a8b9-176c4e9c98fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2574 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba421179-a4d3-4ca6-a8b9-176c4e9c98fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2573 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba421179-a4d3-4ca6-a8b9-176c4e9c98fd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2572 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5cbabd3e-69b9-4288-a158-589fdbc52df8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=88d6ef8d-5efc-403e-b266-b5795bdfc103
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2571 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5cbabd3e-69b9-4288-a158-589fdbc52df8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2570 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5cbabd3e-69b9-4288-a158-589fdbc52df8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2569 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5cbabd3e-69b9-4288-a158-589fdbc52df8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2568 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5cbabd3e-69b9-4288-a158-589fdbc52df8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2567 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5cbabd3e-69b9-4288-a158-589fdbc52df8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2566 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5cbabd3e-69b9-4288-a158-589fdbc52df8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2565 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c77d1a05-6cb3-41c8-982f-6c0ef151548b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9d4b99e7-c6bf-4eab-84a3-b795d3d9a1a0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2564 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca0ff772-12b2-4acb-a864-3e766654fa30
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=585a14af-a5e2-4af0-8c9e-d6845e034b82
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2563 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca0ff772-12b2-4acb-a864-3e766654fa30
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=585a14af-a5e2-4af0-8c9e-d6845e034b82
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2562 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca0ff772-12b2-4acb-a864-3e766654fa30
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2561 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca0ff772-12b2-4acb-a864-3e766654fa30
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2560 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca0ff772-12b2-4acb-a864-3e766654fa30
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2559 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca0ff772-12b2-4acb-a864-3e766654fa30
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2558 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca0ff772-12b2-4acb-a864-3e766654fa30
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2557 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca0ff772-12b2-4acb-a864-3e766654fa30
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2556 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=af048819-dab0-44ea-89b5-45ae7ab27900
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=889fe269-2d39-4407-bafa-3ec6b2e12ff2
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2555 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=af048819-dab0-44ea-89b5-45ae7ab27900
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=889fe269-2d39-4407-bafa-3ec6b2e12ff2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2554 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=af048819-dab0-44ea-89b5-45ae7ab27900
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2553 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=af048819-dab0-44ea-89b5-45ae7ab27900
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2552 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=af048819-dab0-44ea-89b5-45ae7ab27900
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2551 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=af048819-dab0-44ea-89b5-45ae7ab27900
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2550 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=af048819-dab0-44ea-89b5-45ae7ab27900
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2549 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=af048819-dab0-44ea-89b5-45ae7ab27900
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2548 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=af048819-dab0-44ea-89b5-45ae7ab27900
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2547 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=af048819-dab0-44ea-89b5-45ae7ab27900
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2546 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c77d1a05-6cb3-41c8-982f-6c0ef151548b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9d4b99e7-c6bf-4eab-84a3-b795d3d9a1a0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2545 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c77d1a05-6cb3-41c8-982f-6c0ef151548b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2544 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c77d1a05-6cb3-41c8-982f-6c0ef151548b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2543 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c77d1a05-6cb3-41c8-982f-6c0ef151548b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2542 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c77d1a05-6cb3-41c8-982f-6c0ef151548b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2541 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c77d1a05-6cb3-41c8-982f-6c0ef151548b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2540 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c77d1a05-6cb3-41c8-982f-6c0ef151548b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2539 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5fe2389-5737-484f-9e63-a7ab8e1bb77f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=239dadc2-f44a-4b36-a84e-b0c93378241b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2538 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd98d94a-a887-4d83-844f-e668c6a0780c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=ff0be8ed-056d-4e2f-8c7b-17ccc3e49e21
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2537 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd98d94a-a887-4d83-844f-e668c6a0780c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=ff0be8ed-056d-4e2f-8c7b-17ccc3e49e21
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2536 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd98d94a-a887-4d83-844f-e668c6a0780c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2535 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd98d94a-a887-4d83-844f-e668c6a0780c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2534 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd98d94a-a887-4d83-844f-e668c6a0780c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2533 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd98d94a-a887-4d83-844f-e668c6a0780c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2532 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd98d94a-a887-4d83-844f-e668c6a0780c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2531 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd98d94a-a887-4d83-844f-e668c6a0780c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAbwBtAHAAdQB0AGUALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2530 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db831861-a437-46f9-ac9a-4007a5a491b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f5fe087b-0b48-476e-b88f-c23dd870cbe5
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2529 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db831861-a437-46f9-ac9a-4007a5a491b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f5fe087b-0b48-476e-b88f-c23dd870cbe5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2528 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db831861-a437-46f9-ac9a-4007a5a491b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2527 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db831861-a437-46f9-ac9a-4007a5a491b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2526 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db831861-a437-46f9-ac9a-4007a5a491b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2525 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db831861-a437-46f9-ac9a-4007a5a491b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2524 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db831861-a437-46f9-ac9a-4007a5a491b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2523 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db831861-a437-46f9-ac9a-4007a5a491b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2522 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db831861-a437-46f9-ac9a-4007a5a491b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2521 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db831861-a437-46f9-ac9a-4007a5a491b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2520 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5fe2389-5737-484f-9e63-a7ab8e1bb77f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=239dadc2-f44a-4b36-a84e-b0c93378241b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2519 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5fe2389-5737-484f-9e63-a7ab8e1bb77f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2518 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5fe2389-5737-484f-9e63-a7ab8e1bb77f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2517 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5fe2389-5737-484f-9e63-a7ab8e1bb77f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2516 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5fe2389-5737-484f-9e63-a7ab8e1bb77f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2515 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5fe2389-5737-484f-9e63-a7ab8e1bb77f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2514 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d5fe2389-5737-484f-9e63-a7ab8e1bb77f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2513 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4978f7d6-c437-4bb6-99e4-af86aed4eb14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5aea06f5-529d-4f03-99e4-e64bd93d3d8a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2512 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=495dc459-3e37-4394-942d-118f48f8fa39
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=fa610e93-ff49-42e9-815f-b0352f51d974
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2511 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=495dc459-3e37-4394-942d-118f48f8fa39
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=fa610e93-ff49-42e9-815f-b0352f51d974
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2510 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=495dc459-3e37-4394-942d-118f48f8fa39
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2509 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=495dc459-3e37-4394-942d-118f48f8fa39
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2508 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=495dc459-3e37-4394-942d-118f48f8fa39
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2507 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=495dc459-3e37-4394-942d-118f48f8fa39
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2506 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=495dc459-3e37-4394-942d-118f48f8fa39
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2505 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=495dc459-3e37-4394-942d-118f48f8fa39
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAG8AbQBwAHUAdABlAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2504 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=65749217-3232-409f-baf5-cfe49fffcaa0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d6cb8e26-f363-4687-97d2-b788ad07c7ff
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2503 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=65749217-3232-409f-baf5-cfe49fffcaa0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d6cb8e26-f363-4687-97d2-b788ad07c7ff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2502 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=65749217-3232-409f-baf5-cfe49fffcaa0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2501 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=65749217-3232-409f-baf5-cfe49fffcaa0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2500 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=65749217-3232-409f-baf5-cfe49fffcaa0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2499 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=65749217-3232-409f-baf5-cfe49fffcaa0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2498 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=65749217-3232-409f-baf5-cfe49fffcaa0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2497 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=65749217-3232-409f-baf5-cfe49fffcaa0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2496 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=65749217-3232-409f-baf5-cfe49fffcaa0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2495 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=65749217-3232-409f-baf5-cfe49fffcaa0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2494 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4978f7d6-c437-4bb6-99e4-af86aed4eb14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5aea06f5-529d-4f03-99e4-e64bd93d3d8a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2493 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4978f7d6-c437-4bb6-99e4-af86aed4eb14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2492 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4978f7d6-c437-4bb6-99e4-af86aed4eb14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2491 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4978f7d6-c437-4bb6-99e4-af86aed4eb14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2490 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4978f7d6-c437-4bb6-99e4-af86aed4eb14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2489 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4978f7d6-c437-4bb6-99e4-af86aed4eb14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2488 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4978f7d6-c437-4bb6-99e4-af86aed4eb14
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2487 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bad3585-2873-461b-a6a5-d84684937f29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAE0AdwBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABrAEEATQBnAEEAegBBAEQAZwBBAE4AUQBBADIAQQBEAEUAQQBOAGcAQQAzAEEARABrAEEATgBRAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=20eaea42-744d-48ac-b7ce-daa2cd77e1af
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2486 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69459cfa-5439-44d7-b3f3-c347ac17d358
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=1e815700-5177-4fb0-ae0f-86dbb7789b5d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2485 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69459cfa-5439-44d7-b3f3-c347ac17d358
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=1e815700-5177-4fb0-ae0f-86dbb7789b5d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2484 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69459cfa-5439-44d7-b3f3-c347ac17d358
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2483 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69459cfa-5439-44d7-b3f3-c347ac17d358
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2482 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69459cfa-5439-44d7-b3f3-c347ac17d358
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2481 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69459cfa-5439-44d7-b3f3-c347ac17d358
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2480 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69459cfa-5439-44d7-b3f3-c347ac17d358
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2479 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=69459cfa-5439-44d7-b3f3-c347ac17d358
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2478 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bad3585-2873-461b-a6a5-d84684937f29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAE0AdwBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABrAEEATQBnAEEAegBBAEQAZwBBAE4AUQBBADIAQQBEAEUAQQBOAGcAQQAzAEEARABrAEEATgBRAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=20eaea42-744d-48ac-b7ce-daa2cd77e1af
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2477 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bad3585-2873-461b-a6a5-d84684937f29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAE0AdwBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABrAEEATQBnAEEAegBBAEQAZwBBAE4AUQBBADIAQQBEAEUAQQBOAGcAQQAzAEEARABrAEEATgBRAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2476 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bad3585-2873-461b-a6a5-d84684937f29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAE0AdwBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABrAEEATQBnAEEAegBBAEQAZwBBAE4AUQBBADIAQQBEAEUAQQBOAGcAQQAzAEEARABrAEEATgBRAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2475 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bad3585-2873-461b-a6a5-d84684937f29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAE0AdwBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABrAEEATQBnAEEAegBBAEQAZwBBAE4AUQBBADIAQQBEAEUAQQBOAGcAQQAzAEEARABrAEEATgBRAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2474 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bad3585-2873-461b-a6a5-d84684937f29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAE0AdwBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABrAEEATQBnAEEAegBBAEQAZwBBAE4AUQBBADIAQQBEAEUAQQBOAGcAQQAzAEEARABrAEEATgBRAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2473 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bad3585-2873-461b-a6a5-d84684937f29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAE0AdwBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABrAEEATQBnAEEAegBBAEQAZwBBAE4AUQBBADIAQQBEAEUAQQBOAGcAQQAzAEEARABrAEEATgBRAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2472 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6bad3585-2873-461b-a6a5-d84684937f29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAE0AdwBBAHQAQQBEAEkAQQBOAFEAQQAyAEEARABrAEEATQBnAEEAegBBAEQAZwBBAE4AUQBBADIAQQBEAEUAQQBOAGcAQQAzAEEARABrAEEATgBRAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2471 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58829883-a38f-402f-a93f-b78c94f3a9c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9a062c59-44ff-4d81-8a68-8a471bd242f5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2470 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ebb1d51-a18f-402a-836f-116e79c05b1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8b5c4e2b-b9bd-4a9f-9a4e-8ded1a91c558
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2469 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ebb1d51-a18f-402a-836f-116e79c05b1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2468 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ebb1d51-a18f-402a-836f-116e79c05b1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2467 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ebb1d51-a18f-402a-836f-116e79c05b1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2466 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ebb1d51-a18f-402a-836f-116e79c05b1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2465 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ebb1d51-a18f-402a-836f-116e79c05b1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2464 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ebb1d51-a18f-402a-836f-116e79c05b1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2463 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ebb1d51-a18f-402a-836f-116e79c05b1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2462 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ebb1d51-a18f-402a-836f-116e79c05b1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2461 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58829883-a38f-402f-a93f-b78c94f3a9c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9a062c59-44ff-4d81-8a68-8a471bd242f5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2460 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58829883-a38f-402f-a93f-b78c94f3a9c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2459 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58829883-a38f-402f-a93f-b78c94f3a9c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2458 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58829883-a38f-402f-a93f-b78c94f3a9c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2457 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58829883-a38f-402f-a93f-b78c94f3a9c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2456 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58829883-a38f-402f-a93f-b78c94f3a9c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2455 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58829883-a38f-402f-a93f-b78c94f3a9c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2454 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4c6fa45-f8ce-45c7-a182-bdef33989ece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=f50a9735-2526-4b03-9553-a3c67acbfeb6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2453 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4c6fa45-f8ce-45c7-a182-bdef33989ece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=f50a9735-2526-4b03-9553-a3c67acbfeb6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2452 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4c6fa45-f8ce-45c7-a182-bdef33989ece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2451 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4c6fa45-f8ce-45c7-a182-bdef33989ece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2450 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4c6fa45-f8ce-45c7-a182-bdef33989ece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2449 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4c6fa45-f8ce-45c7-a182-bdef33989ece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2448 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4c6fa45-f8ce-45c7-a182-bdef33989ece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2447 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4c6fa45-f8ce-45c7-a182-bdef33989ece
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADkAOAAuADAAMwAtADIANQA2ADkAMgAzADgANQA2ADEANgA3ADkANQA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2446 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c474e52c-a2ab-48c3-a0a9-03fe6dbb3501
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAegBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBPAFEAQQB5AEEARABNAEEATwBBAEEAMQBBAEQAWQBBAE0AUQBBADIAQQBEAGMAQQBPAFEAQQAxAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=2e20a9eb-ce07-46a6-94bc-dd262de942b6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2445 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=09bff398-8fe2-4f1a-b18d-c2de993b6222
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAOQA4AC4AMAAzAC0AMgA1ADYAOQAyADMAOAA1ADYAMQA2ADcAOQA1ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=34e0e24f-a841-470e-b7cb-4fd0324792ff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2444 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=09bff398-8fe2-4f1a-b18d-c2de993b6222
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAOQA4AC4AMAAzAC0AMgA1ADYAOQAyADMAOAA1ADYAMQA2ADcAOQA1ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=34e0e24f-a841-470e-b7cb-4fd0324792ff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2443 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=09bff398-8fe2-4f1a-b18d-c2de993b6222
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAOQA4AC4AMAAzAC0AMgA1ADYAOQAyADMAOAA1ADYAMQA2ADcAOQA1ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2442 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=09bff398-8fe2-4f1a-b18d-c2de993b6222
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAOQA4AC4AMAAzAC0AMgA1ADYAOQAyADMAOAA1ADYAMQA2ADcAOQA1ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2441 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=09bff398-8fe2-4f1a-b18d-c2de993b6222
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAOQA4AC4AMAAzAC0AMgA1ADYAOQAyADMAOAA1ADYAMQA2ADcAOQA1ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2440 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=09bff398-8fe2-4f1a-b18d-c2de993b6222
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAOQA4AC4AMAAzAC0AMgA1ADYAOQAyADMAOAA1ADYAMQA2ADcAOQA1ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2439 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=09bff398-8fe2-4f1a-b18d-c2de993b6222
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAOQA4AC4AMAAzAC0AMgA1ADYAOQAyADMAOAA1ADYAMQA2ADcAOQA1ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2438 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=09bff398-8fe2-4f1a-b18d-c2de993b6222
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAOQA4AC4AMAAzAC0AMgA1ADYAOQAyADMAOAA1ADYAMQA2ADcAOQA1ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2437 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c474e52c-a2ab-48c3-a0a9-03fe6dbb3501
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAegBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBPAFEAQQB5AEEARABNAEEATwBBAEEAMQBBAEQAWQBBAE0AUQBBADIAQQBEAGMAQQBPAFEAQQAxAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=2e20a9eb-ce07-46a6-94bc-dd262de942b6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2436 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c474e52c-a2ab-48c3-a0a9-03fe6dbb3501
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAegBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBPAFEAQQB5AEEARABNAEEATwBBAEEAMQBBAEQAWQBBAE0AUQBBADIAQQBEAGMAQQBPAFEAQQAxAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2435 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c474e52c-a2ab-48c3-a0a9-03fe6dbb3501
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAegBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBPAFEAQQB5AEEARABNAEEATwBBAEEAMQBBAEQAWQBBAE0AUQBBADIAQQBEAGMAQQBPAFEAQQAxAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2434 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c474e52c-a2ab-48c3-a0a9-03fe6dbb3501
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAegBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBPAFEAQQB5AEEARABNAEEATwBBAEEAMQBBAEQAWQBBAE0AUQBBADIAQQBEAGMAQQBPAFEAQQAxAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2433 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c474e52c-a2ab-48c3-a0a9-03fe6dbb3501
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAegBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBPAFEAQQB5AEEARABNAEEATwBBAEEAMQBBAEQAWQBBAE0AUQBBADIAQQBEAGMAQQBPAFEAQQAxAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2432 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c474e52c-a2ab-48c3-a0a9-03fe6dbb3501
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAegBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBPAFEAQQB5AEEARABNAEEATwBBAEEAMQBBAEQAWQBBAE0AUQBBADIAQQBEAGMAQQBPAFEAQQAxAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2431 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c474e52c-a2ab-48c3-a0a9-03fe6dbb3501
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAegBBAEMAMABBAE0AZwBBADEAQQBEAFkAQQBPAFEAQQB5AEEARABNAEEATwBBAEEAMQBBAEQAWQBBAE0AUQBBADIAQQBEAGMAQQBPAFEAQQAxAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2430 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58f87e16-b1a3-4374-8161-d1bb63e1c083
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c373f62c-8201-4212-b45c-fe73cccccfcc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2429 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5177473b-d09e-415e-b575-ee80d393fe19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=72de6502-0f6c-4560-835d-8e28456d2ac0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2428 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5177473b-d09e-415e-b575-ee80d393fe19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2427 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5177473b-d09e-415e-b575-ee80d393fe19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2426 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5177473b-d09e-415e-b575-ee80d393fe19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2425 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5177473b-d09e-415e-b575-ee80d393fe19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2424 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5177473b-d09e-415e-b575-ee80d393fe19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2423 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5177473b-d09e-415e-b575-ee80d393fe19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2422 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5177473b-d09e-415e-b575-ee80d393fe19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2421 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5177473b-d09e-415e-b575-ee80d393fe19
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2420 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58f87e16-b1a3-4374-8161-d1bb63e1c083
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c373f62c-8201-4212-b45c-fe73cccccfcc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2419 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58f87e16-b1a3-4374-8161-d1bb63e1c083
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2418 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58f87e16-b1a3-4374-8161-d1bb63e1c083
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2417 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58f87e16-b1a3-4374-8161-d1bb63e1c083
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2416 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58f87e16-b1a3-4374-8161-d1bb63e1c083
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2415 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58f87e16-b1a3-4374-8161-d1bb63e1c083
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2414 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=58f87e16-b1a3-4374-8161-d1bb63e1c083
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2413 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cda82052-215d-4de7-823e-96cea2e5a7a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=78f3cb38-74ae-488c-b7c9-a4aaa10da089
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2412 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4787c77f-80d9-4c3e-8885-91a10f843b27
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=5.1.14393.1944
RunspaceId=c3165173-7a3f-4ffd-9296-bf87cd00a891
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2411 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:38:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4787c77f-80d9-4c3e-8885-91a10f843b27
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=5.1.14393.1944
RunspaceId=c3165173-7a3f-4ffd-9296-bf87cd00a891
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2410 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4787c77f-80d9-4c3e-8885-91a10f843b27
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2409 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4787c77f-80d9-4c3e-8885-91a10f843b27
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2408 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4787c77f-80d9-4c3e-8885-91a10f843b27
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2407 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4787c77f-80d9-4c3e-8885-91a10f843b27
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2406 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4787c77f-80d9-4c3e-8885-91a10f843b27
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2405 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4787c77f-80d9-4c3e-8885-91a10f843b27
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2404 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1812c203-6b5b-4529-8b70-91a224d94a29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e65210e3-6293-4d13-9ffd-4c2f8f511a39
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2403 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1812c203-6b5b-4529-8b70-91a224d94a29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e65210e3-6293-4d13-9ffd-4c2f8f511a39
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2402 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1812c203-6b5b-4529-8b70-91a224d94a29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2401 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1812c203-6b5b-4529-8b70-91a224d94a29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2400 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1812c203-6b5b-4529-8b70-91a224d94a29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2399 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1812c203-6b5b-4529-8b70-91a224d94a29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2398 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1812c203-6b5b-4529-8b70-91a224d94a29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2397 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1812c203-6b5b-4529-8b70-91a224d94a29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2396 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1812c203-6b5b-4529-8b70-91a224d94a29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2395 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1812c203-6b5b-4529-8b70-91a224d94a29
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2394 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cda82052-215d-4de7-823e-96cea2e5a7a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=78f3cb38-74ae-488c-b7c9-a4aaa10da089
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2393 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cda82052-215d-4de7-823e-96cea2e5a7a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2392 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cda82052-215d-4de7-823e-96cea2e5a7a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2391 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cda82052-215d-4de7-823e-96cea2e5a7a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2390 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cda82052-215d-4de7-823e-96cea2e5a7a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2389 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cda82052-215d-4de7-823e-96cea2e5a7a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2388 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cda82052-215d-4de7-823e-96cea2e5a7a5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2387 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ce521ad6-f261-4f3d-a647-151246eb18ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d0784c05-dd42-4854-bd0e-288da3c12a70
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2386 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83138291-9bb5-4540-9b10-6a3babb598ec
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=e805efc7-579a-400c-aa31-882c633deee8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2385 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83138291-9bb5-4540-9b10-6a3babb598ec
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=e805efc7-579a-400c-aa31-882c633deee8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2384 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83138291-9bb5-4540-9b10-6a3babb598ec
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2383 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83138291-9bb5-4540-9b10-6a3babb598ec
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2382 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83138291-9bb5-4540-9b10-6a3babb598ec
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2381 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83138291-9bb5-4540-9b10-6a3babb598ec
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2380 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83138291-9bb5-4540-9b10-6a3babb598ec
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2379 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=83138291-9bb5-4540-9b10-6a3babb598ec
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2378 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18318459-eec6-4918-b2bf-73c8acab3527
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1fb569b0-4c13-4992-a240-e56b49620182
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2377 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18318459-eec6-4918-b2bf-73c8acab3527
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1fb569b0-4c13-4992-a240-e56b49620182
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2376 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18318459-eec6-4918-b2bf-73c8acab3527
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2375 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18318459-eec6-4918-b2bf-73c8acab3527
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2374 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18318459-eec6-4918-b2bf-73c8acab3527
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2373 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18318459-eec6-4918-b2bf-73c8acab3527
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2372 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18318459-eec6-4918-b2bf-73c8acab3527
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2371 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18318459-eec6-4918-b2bf-73c8acab3527
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2370 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18318459-eec6-4918-b2bf-73c8acab3527
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2369 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18318459-eec6-4918-b2bf-73c8acab3527
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2368 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ce521ad6-f261-4f3d-a647-151246eb18ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d0784c05-dd42-4854-bd0e-288da3c12a70
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2367 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ce521ad6-f261-4f3d-a647-151246eb18ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2366 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ce521ad6-f261-4f3d-a647-151246eb18ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2365 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ce521ad6-f261-4f3d-a647-151246eb18ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2364 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ce521ad6-f261-4f3d-a647-151246eb18ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2363 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ce521ad6-f261-4f3d-a647-151246eb18ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2362 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ce521ad6-f261-4f3d-a647-151246eb18ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2361 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1015716-16de-44a1-8648-ec9034048517
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f48a7d6c-5b52-40ba-b2ac-cc7df1a7ea02
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2360 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b1d-9a80-4c1f-b241-2cca8c8fa09f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8d95b6f7-36b9-4d79-b3fd-6ba1bdd3e230
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2359 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b1d-9a80-4c1f-b241-2cca8c8fa09f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8d95b6f7-36b9-4d79-b3fd-6ba1bdd3e230
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2358 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b1d-9a80-4c1f-b241-2cca8c8fa09f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2357 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b1d-9a80-4c1f-b241-2cca8c8fa09f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2356 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b1d-9a80-4c1f-b241-2cca8c8fa09f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2355 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b1d-9a80-4c1f-b241-2cca8c8fa09f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2354 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b1d-9a80-4c1f-b241-2cca8c8fa09f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2353 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b1d-9a80-4c1f-b241-2cca8c8fa09f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2352 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6876f0c8-34d6-409d-8a3d-a79047a1aca6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8e25cf77-9646-4c8b-aa60-09c08e61524f
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2351 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6876f0c8-34d6-409d-8a3d-a79047a1aca6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8e25cf77-9646-4c8b-aa60-09c08e61524f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2350 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6876f0c8-34d6-409d-8a3d-a79047a1aca6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2349 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6876f0c8-34d6-409d-8a3d-a79047a1aca6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2348 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6876f0c8-34d6-409d-8a3d-a79047a1aca6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2347 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6876f0c8-34d6-409d-8a3d-a79047a1aca6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2346 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6876f0c8-34d6-409d-8a3d-a79047a1aca6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2345 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6876f0c8-34d6-409d-8a3d-a79047a1aca6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2344 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6876f0c8-34d6-409d-8a3d-a79047a1aca6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2343 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6876f0c8-34d6-409d-8a3d-a79047a1aca6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2342 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1015716-16de-44a1-8648-ec9034048517
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f48a7d6c-5b52-40ba-b2ac-cc7df1a7ea02
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2341 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1015716-16de-44a1-8648-ec9034048517
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2340 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1015716-16de-44a1-8648-ec9034048517
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2339 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1015716-16de-44a1-8648-ec9034048517
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2338 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1015716-16de-44a1-8648-ec9034048517
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2337 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1015716-16de-44a1-8648-ec9034048517
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2336 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1015716-16de-44a1-8648-ec9034048517
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2335 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ad0f9200-1a16-4f1a-97ab-1576472a95dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABNAEEATQBBAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAFkAQQBPAFEAQQAzAEEARABrAEEATgBnAEEANABBAEQAWQBBAE0AQQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABFAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=3c1b9639-5133-42fe-965d-c071d58471f5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2334 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6b026c8a-5351-495c-9683-f8279de23e90
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=ae52983e-5343-4d08-8859-134b3081e982
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2333 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6b026c8a-5351-495c-9683-f8279de23e90
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=ae52983e-5343-4d08-8859-134b3081e982
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2332 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6b026c8a-5351-495c-9683-f8279de23e90
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2331 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6b026c8a-5351-495c-9683-f8279de23e90
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2330 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6b026c8a-5351-495c-9683-f8279de23e90
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2329 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6b026c8a-5351-495c-9683-f8279de23e90
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2328 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6b026c8a-5351-495c-9683-f8279de23e90
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2327 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6b026c8a-5351-495c-9683-f8279de23e90
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2326 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ad0f9200-1a16-4f1a-97ab-1576472a95dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABNAEEATQBBAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAFkAQQBPAFEAQQAzAEEARABrAEEATgBnAEEANABBAEQAWQBBAE0AQQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABFAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=3c1b9639-5133-42fe-965d-c071d58471f5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2325 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ad0f9200-1a16-4f1a-97ab-1576472a95dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABNAEEATQBBAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAFkAQQBPAFEAQQAzAEEARABrAEEATgBnAEEANABBAEQAWQBBAE0AQQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABFAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2324 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ad0f9200-1a16-4f1a-97ab-1576472a95dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABNAEEATQBBAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAFkAQQBPAFEAQQAzAEEARABrAEEATgBnAEEANABBAEQAWQBBAE0AQQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABFAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2323 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ad0f9200-1a16-4f1a-97ab-1576472a95dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABNAEEATQBBAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAFkAQQBPAFEAQQAzAEEARABrAEEATgBnAEEANABBAEQAWQBBAE0AQQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABFAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2322 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ad0f9200-1a16-4f1a-97ab-1576472a95dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABNAEEATQBBAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAFkAQQBPAFEAQQAzAEEARABrAEEATgBnAEEANABBAEQAWQBBAE0AQQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABFAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2321 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ad0f9200-1a16-4f1a-97ab-1576472a95dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABNAEEATQBBAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAFkAQQBPAFEAQQAzAEEARABrAEEATgBnAEEANABBAEQAWQBBAE0AQQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABFAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2320 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ad0f9200-1a16-4f1a-97ab-1576472a95dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAyAEEARABNAEEATQBBAEEAdQBBAEQAUQBBAE4AZwBBAHQAQQBEAFkAQQBPAFEAQQAzAEEARABrAEEATgBnAEEANABBAEQAWQBBAE0AQQBBADAAQQBEAGcAQQBNAHcAQQAwAEEARABFAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2319 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=728e43a6-ee78-485f-ac6f-177b953535ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d1bf833f-340d-4c87-977c-815e2fd6bd1a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2318 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdc59481-23aa-4794-8a95-29caf8e5e50f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=40203ec7-cbbf-48c1-8519-433ebb6fd5b8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2317 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdc59481-23aa-4794-8a95-29caf8e5e50f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2316 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdc59481-23aa-4794-8a95-29caf8e5e50f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2315 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdc59481-23aa-4794-8a95-29caf8e5e50f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2314 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdc59481-23aa-4794-8a95-29caf8e5e50f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2313 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdc59481-23aa-4794-8a95-29caf8e5e50f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2312 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdc59481-23aa-4794-8a95-29caf8e5e50f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2311 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdc59481-23aa-4794-8a95-29caf8e5e50f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2310 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdc59481-23aa-4794-8a95-29caf8e5e50f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2309 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=728e43a6-ee78-485f-ac6f-177b953535ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d1bf833f-340d-4c87-977c-815e2fd6bd1a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2308 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=728e43a6-ee78-485f-ac6f-177b953535ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2307 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=728e43a6-ee78-485f-ac6f-177b953535ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2306 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=728e43a6-ee78-485f-ac6f-177b953535ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2305 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=728e43a6-ee78-485f-ac6f-177b953535ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2304 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=728e43a6-ee78-485f-ac6f-177b953535ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2303 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=728e43a6-ee78-485f-ac6f-177b953535ba
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2302 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3fd6091-e994-49c1-8e17-f0933ca527b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=be0328a4-a898-4926-be1f-e341b2cc4ce1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2301 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3fd6091-e994-49c1-8e17-f0933ca527b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=be0328a4-a898-4926-be1f-e341b2cc4ce1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2300 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3fd6091-e994-49c1-8e17-f0933ca527b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2299 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3fd6091-e994-49c1-8e17-f0933ca527b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2298 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3fd6091-e994-49c1-8e17-f0933ca527b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2297 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3fd6091-e994-49c1-8e17-f0933ca527b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2296 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3fd6091-e994-49c1-8e17-f0933ca527b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2295 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3fd6091-e994-49c1-8e17-f0933ca527b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA2ADMAMAAuADQANgAtADYAOQA3ADkANgA4ADYAMAA0ADgAMwA0ADEANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2294 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dddc6ec5-2e09-4dd5-b90b-3df7e7ed9e55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQB3AEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE4AZwBBADUAQQBEAGMAQQBPAFEAQQAyAEEARABnAEEATgBnAEEAdwBBAEQAUQBBAE8AQQBBAHoAQQBEAFEAQQBNAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=969852f0-f676-4ecf-b55b-89b2e9b8de83
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2293 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a37d596-051d-48d0-8a07-12d3ad670c76
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAMwAwAC4ANAA2AC0ANgA5ADcAOQA2ADgANgAwADQAOAAzADQAMQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=a5f64f5c-acbb-420c-a169-48a97c8efc89
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2292 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a37d596-051d-48d0-8a07-12d3ad670c76
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAMwAwAC4ANAA2AC0ANgA5ADcAOQA2ADgANgAwADQAOAAzADQAMQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=a5f64f5c-acbb-420c-a169-48a97c8efc89
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2291 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a37d596-051d-48d0-8a07-12d3ad670c76
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAMwAwAC4ANAA2AC0ANgA5ADcAOQA2ADgANgAwADQAOAAzADQAMQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2290 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a37d596-051d-48d0-8a07-12d3ad670c76
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAMwAwAC4ANAA2AC0ANgA5ADcAOQA2ADgANgAwADQAOAAzADQAMQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2289 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a37d596-051d-48d0-8a07-12d3ad670c76
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAMwAwAC4ANAA2AC0ANgA5ADcAOQA2ADgANgAwADQAOAAzADQAMQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2288 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a37d596-051d-48d0-8a07-12d3ad670c76
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAMwAwAC4ANAA2AC0ANgA5ADcAOQA2ADgANgAwADQAOAAzADQAMQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2287 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a37d596-051d-48d0-8a07-12d3ad670c76
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAMwAwAC4ANAA2AC0ANgA5ADcAOQA2ADgANgAwADQAOAAzADQAMQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2286 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2a37d596-051d-48d0-8a07-12d3ad670c76
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADYAMwAwAC4ANAA2AC0ANgA5ADcAOQA2ADgANgAwADQAOAAzADQAMQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2285 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dddc6ec5-2e09-4dd5-b90b-3df7e7ed9e55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQB3AEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE4AZwBBADUAQQBEAGMAQQBPAFEAQQAyAEEARABnAEEATgBnAEEAdwBBAEQAUQBBAE8AQQBBAHoAQQBEAFEAQQBNAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=969852f0-f676-4ecf-b55b-89b2e9b8de83
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2284 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dddc6ec5-2e09-4dd5-b90b-3df7e7ed9e55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQB3AEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE4AZwBBADUAQQBEAGMAQQBPAFEAQQAyAEEARABnAEEATgBnAEEAdwBBAEQAUQBBAE8AQQBBAHoAQQBEAFEAQQBNAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2283 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dddc6ec5-2e09-4dd5-b90b-3df7e7ed9e55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQB3AEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE4AZwBBADUAQQBEAGMAQQBPAFEAQQAyAEEARABnAEEATgBnAEEAdwBBAEQAUQBBAE8AQQBBAHoAQQBEAFEAQQBNAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2282 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dddc6ec5-2e09-4dd5-b90b-3df7e7ed9e55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQB3AEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE4AZwBBADUAQQBEAGMAQQBPAFEAQQAyAEEARABnAEEATgBnAEEAdwBBAEQAUQBBAE8AQQBBAHoAQQBEAFEAQQBNAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2281 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dddc6ec5-2e09-4dd5-b90b-3df7e7ed9e55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQB3AEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE4AZwBBADUAQQBEAGMAQQBPAFEAQQAyAEEARABnAEEATgBnAEEAdwBBAEQAUQBBAE8AQQBBAHoAQQBEAFEAQQBNAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2280 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dddc6ec5-2e09-4dd5-b90b-3df7e7ed9e55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQB3AEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE4AZwBBADUAQQBEAGMAQQBPAFEAQQAyAEEARABnAEEATgBnAEEAdwBBAEQAUQBBAE8AQQBBAHoAQQBEAFEAQQBNAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2279 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dddc6ec5-2e09-4dd5-b90b-3df7e7ed9e55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAHcAQQB3AEEAQwA0AEEATgBBAEEAMgBBAEMAMABBAE4AZwBBADUAQQBEAGMAQQBPAFEAQQAyAEEARABnAEEATgBnAEEAdwBBAEQAUQBBAE8AQQBBAHoAQQBEAFEAQQBNAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2278 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96ff160b-ebc2-452b-ab39-84e00dde40a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ee5e0b08-2983-4d1c-bcbe-a4d81943357f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2277 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8619a871-5ee3-4afb-a9fc-8d39e2a1904e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=904f6a22-3b3e-4bb8-be92-060483a034fd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2276 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8619a871-5ee3-4afb-a9fc-8d39e2a1904e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2275 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8619a871-5ee3-4afb-a9fc-8d39e2a1904e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2274 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8619a871-5ee3-4afb-a9fc-8d39e2a1904e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2273 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8619a871-5ee3-4afb-a9fc-8d39e2a1904e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2272 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8619a871-5ee3-4afb-a9fc-8d39e2a1904e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2271 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8619a871-5ee3-4afb-a9fc-8d39e2a1904e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2270 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8619a871-5ee3-4afb-a9fc-8d39e2a1904e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2269 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8619a871-5ee3-4afb-a9fc-8d39e2a1904e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2268 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96ff160b-ebc2-452b-ab39-84e00dde40a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ee5e0b08-2983-4d1c-bcbe-a4d81943357f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2267 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96ff160b-ebc2-452b-ab39-84e00dde40a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2266 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96ff160b-ebc2-452b-ab39-84e00dde40a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2265 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96ff160b-ebc2-452b-ab39-84e00dde40a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2264 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96ff160b-ebc2-452b-ab39-84e00dde40a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2263 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96ff160b-ebc2-452b-ab39-84e00dde40a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2262 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96ff160b-ebc2-452b-ab39-84e00dde40a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2261 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86df4b4d-88e7-4f4b-8131-84734e1717a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f877f73-12b8-426f-8b7a-4cc814c51a1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2260 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c751ed47-18b1-4692-bd68-696dbaafbc5c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=5.1.14393.1944
RunspaceId=b276c33c-0635-4e55-b4f2-1d5061b4ef2f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2259 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:37:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c751ed47-18b1-4692-bd68-696dbaafbc5c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=5.1.14393.1944
RunspaceId=b276c33c-0635-4e55-b4f2-1d5061b4ef2f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2258 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c751ed47-18b1-4692-bd68-696dbaafbc5c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2257 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c751ed47-18b1-4692-bd68-696dbaafbc5c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2256 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c751ed47-18b1-4692-bd68-696dbaafbc5c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2255 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c751ed47-18b1-4692-bd68-696dbaafbc5c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2254 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c751ed47-18b1-4692-bd68-696dbaafbc5c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2253 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c751ed47-18b1-4692-bd68-696dbaafbc5c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2252 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2ab49ad-beff-4a39-82cb-60942c7a7840
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e0947917-f1c0-45ae-add8-30670433690a
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2251 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2ab49ad-beff-4a39-82cb-60942c7a7840
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e0947917-f1c0-45ae-add8-30670433690a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2250 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2ab49ad-beff-4a39-82cb-60942c7a7840
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2249 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2ab49ad-beff-4a39-82cb-60942c7a7840
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2248 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2ab49ad-beff-4a39-82cb-60942c7a7840
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2247 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2ab49ad-beff-4a39-82cb-60942c7a7840
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2246 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2ab49ad-beff-4a39-82cb-60942c7a7840
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2245 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2ab49ad-beff-4a39-82cb-60942c7a7840
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2244 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2ab49ad-beff-4a39-82cb-60942c7a7840
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2243 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2ab49ad-beff-4a39-82cb-60942c7a7840
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2242 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86df4b4d-88e7-4f4b-8131-84734e1717a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f877f73-12b8-426f-8b7a-4cc814c51a1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2241 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86df4b4d-88e7-4f4b-8131-84734e1717a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2240 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86df4b4d-88e7-4f4b-8131-84734e1717a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2239 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86df4b4d-88e7-4f4b-8131-84734e1717a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2238 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86df4b4d-88e7-4f4b-8131-84734e1717a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2237 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86df4b4d-88e7-4f4b-8131-84734e1717a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2236 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86df4b4d-88e7-4f4b-8131-84734e1717a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2235 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0be11f8-03e6-4150-9a70-8b8d2ca4407e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4521e137-e225-4f87-8f5e-040487b2a56a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2234 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5309d098-523f-4ded-a038-62e840db1132
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=616d4945-f839-4672-ae7b-0bf0d7169209
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2233 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5309d098-523f-4ded-a038-62e840db1132
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=616d4945-f839-4672-ae7b-0bf0d7169209
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2232 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5309d098-523f-4ded-a038-62e840db1132
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2231 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5309d098-523f-4ded-a038-62e840db1132
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2230 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5309d098-523f-4ded-a038-62e840db1132
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2229 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5309d098-523f-4ded-a038-62e840db1132
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2228 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5309d098-523f-4ded-a038-62e840db1132
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2227 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5309d098-523f-4ded-a038-62e840db1132
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2226 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=194f00e3-7553-4f9a-898e-79537e9092d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2cf95666-d1d8-48ff-a402-ac9e2d09827d
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2225 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=194f00e3-7553-4f9a-898e-79537e9092d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2cf95666-d1d8-48ff-a402-ac9e2d09827d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2224 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=194f00e3-7553-4f9a-898e-79537e9092d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2223 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=194f00e3-7553-4f9a-898e-79537e9092d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2222 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=194f00e3-7553-4f9a-898e-79537e9092d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2221 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=194f00e3-7553-4f9a-898e-79537e9092d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2220 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=194f00e3-7553-4f9a-898e-79537e9092d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2219 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=194f00e3-7553-4f9a-898e-79537e9092d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2218 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=194f00e3-7553-4f9a-898e-79537e9092d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2217 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=194f00e3-7553-4f9a-898e-79537e9092d7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2216 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0be11f8-03e6-4150-9a70-8b8d2ca4407e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4521e137-e225-4f87-8f5e-040487b2a56a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2215 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0be11f8-03e6-4150-9a70-8b8d2ca4407e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2214 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0be11f8-03e6-4150-9a70-8b8d2ca4407e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2213 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0be11f8-03e6-4150-9a70-8b8d2ca4407e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2212 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0be11f8-03e6-4150-9a70-8b8d2ca4407e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2211 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0be11f8-03e6-4150-9a70-8b8d2ca4407e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2210 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f0be11f8-03e6-4150-9a70-8b8d2ca4407e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2209 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f6b2c803-a6cd-46a4-be99-1131a9feae85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bed1ea5a-6f8f-4158-a8fa-3d936f8ac3c4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2208 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15e6cb6b-7f8a-4e94-a6e9-aeab4039ba13
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=145a7335-5acb-4f8c-acb6-a369780eb26a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2207 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15e6cb6b-7f8a-4e94-a6e9-aeab4039ba13
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=145a7335-5acb-4f8c-acb6-a369780eb26a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2206 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15e6cb6b-7f8a-4e94-a6e9-aeab4039ba13
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2205 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15e6cb6b-7f8a-4e94-a6e9-aeab4039ba13
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2204 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15e6cb6b-7f8a-4e94-a6e9-aeab4039ba13
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2203 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15e6cb6b-7f8a-4e94-a6e9-aeab4039ba13
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2202 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15e6cb6b-7f8a-4e94-a6e9-aeab4039ba13
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2201 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=15e6cb6b-7f8a-4e94-a6e9-aeab4039ba13
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2200 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=176da4aa-e21c-427b-a48a-275caac877a1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f338a8f7-e74f-4429-b05d-59e3c55340a8
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2199 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=176da4aa-e21c-427b-a48a-275caac877a1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f338a8f7-e74f-4429-b05d-59e3c55340a8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2198 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=176da4aa-e21c-427b-a48a-275caac877a1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2197 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=176da4aa-e21c-427b-a48a-275caac877a1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2196 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=176da4aa-e21c-427b-a48a-275caac877a1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2195 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=176da4aa-e21c-427b-a48a-275caac877a1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2194 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=176da4aa-e21c-427b-a48a-275caac877a1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2193 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=176da4aa-e21c-427b-a48a-275caac877a1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2192 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=176da4aa-e21c-427b-a48a-275caac877a1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2191 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=176da4aa-e21c-427b-a48a-275caac877a1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2190 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f6b2c803-a6cd-46a4-be99-1131a9feae85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bed1ea5a-6f8f-4158-a8fa-3d936f8ac3c4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2189 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f6b2c803-a6cd-46a4-be99-1131a9feae85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2188 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f6b2c803-a6cd-46a4-be99-1131a9feae85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2187 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f6b2c803-a6cd-46a4-be99-1131a9feae85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2186 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f6b2c803-a6cd-46a4-be99-1131a9feae85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2185 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f6b2c803-a6cd-46a4-be99-1131a9feae85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2184 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f6b2c803-a6cd-46a4-be99-1131a9feae85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2183 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2813344-3882-4584-a0cc-af0711bb34d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAxAEEARABFAEEATgBnAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAEkAQQBOAEEAQQAzAEEARABRAEEATgBRAEEAMABBAEQARQBBAE4AUQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABNAEEATQB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=f62c3d22-6b43-435b-b71f-d5159d40b554
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2182 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2245af73-630f-4475-9f5f-a0183184b96f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=46ad6486-d559-41df-baad-9475f941d863
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2181 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2245af73-630f-4475-9f5f-a0183184b96f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=46ad6486-d559-41df-baad-9475f941d863
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2180 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2245af73-630f-4475-9f5f-a0183184b96f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2179 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2245af73-630f-4475-9f5f-a0183184b96f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2178 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2245af73-630f-4475-9f5f-a0183184b96f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2177 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2245af73-630f-4475-9f5f-a0183184b96f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2176 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2245af73-630f-4475-9f5f-a0183184b96f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2175 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2245af73-630f-4475-9f5f-a0183184b96f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2174 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2813344-3882-4584-a0cc-af0711bb34d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAxAEEARABFAEEATgBnAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAEkAQQBOAEEAQQAzAEEARABRAEEATgBRAEEAMABBAEQARQBBAE4AUQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABNAEEATQB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=f62c3d22-6b43-435b-b71f-d5159d40b554
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2173 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2813344-3882-4584-a0cc-af0711bb34d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAxAEEARABFAEEATgBnAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAEkAQQBOAEEAQQAzAEEARABRAEEATgBRAEEAMABBAEQARQBBAE4AUQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABNAEEATQB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2172 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2813344-3882-4584-a0cc-af0711bb34d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAxAEEARABFAEEATgBnAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAEkAQQBOAEEAQQAzAEEARABRAEEATgBRAEEAMABBAEQARQBBAE4AUQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABNAEEATQB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2171 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2813344-3882-4584-a0cc-af0711bb34d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAxAEEARABFAEEATgBnAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAEkAQQBOAEEAQQAzAEEARABRAEEATgBRAEEAMABBAEQARQBBAE4AUQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABNAEEATQB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2170 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2813344-3882-4584-a0cc-af0711bb34d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAxAEEARABFAEEATgBnAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAEkAQQBOAEEAQQAzAEEARABRAEEATgBRAEEAMABBAEQARQBBAE4AUQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABNAEEATQB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2169 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2813344-3882-4584-a0cc-af0711bb34d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAxAEEARABFAEEATgBnAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAEkAQQBOAEEAQQAzAEEARABRAEEATgBRAEEAMABBAEQARQBBAE4AUQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABNAEEATQB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2168 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2813344-3882-4584-a0cc-af0711bb34d2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQAxAEEARABFAEEATgBnAEEAdQBBAEQASQBBAE8AUQBBAHQAQQBEAEkAQQBOAEEAQQAzAEEARABRAEEATgBRAEEAMABBAEQARQBBAE4AUQBBAHgAQQBEAEEAQQBOAEEAQQA1AEEARABNAEEATQB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2167 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3d88a3b-3542-4138-9ba7-6d9f28046591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e9d79018-d684-42e9-b32e-d5823b6a7527
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2166 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=31719e37-7475-49fe-a016-b59d1df750a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c20cab9c-690f-4952-a974-5c237ee006af
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2165 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=31719e37-7475-49fe-a016-b59d1df750a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2164 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=31719e37-7475-49fe-a016-b59d1df750a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2163 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=31719e37-7475-49fe-a016-b59d1df750a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2162 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=31719e37-7475-49fe-a016-b59d1df750a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2161 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=31719e37-7475-49fe-a016-b59d1df750a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2160 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=31719e37-7475-49fe-a016-b59d1df750a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2159 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=31719e37-7475-49fe-a016-b59d1df750a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2158 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=31719e37-7475-49fe-a016-b59d1df750a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2157 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3d88a3b-3542-4138-9ba7-6d9f28046591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e9d79018-d684-42e9-b32e-d5823b6a7527
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2156 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3d88a3b-3542-4138-9ba7-6d9f28046591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2155 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3d88a3b-3542-4138-9ba7-6d9f28046591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2154 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3d88a3b-3542-4138-9ba7-6d9f28046591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2153 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3d88a3b-3542-4138-9ba7-6d9f28046591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2152 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3d88a3b-3542-4138-9ba7-6d9f28046591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2151 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b3d88a3b-3542-4138-9ba7-6d9f28046591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2150 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c29f7f55-aff1-4c00-9ddd-6650f1808b6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=4e239ec8-9818-482f-9d18-a8d173ec1e0e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2149 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c29f7f55-aff1-4c00-9ddd-6650f1808b6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=4e239ec8-9818-482f-9d18-a8d173ec1e0e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2148 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c29f7f55-aff1-4c00-9ddd-6650f1808b6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2147 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c29f7f55-aff1-4c00-9ddd-6650f1808b6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2146 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c29f7f55-aff1-4c00-9ddd-6650f1808b6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2145 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c29f7f55-aff1-4c00-9ddd-6650f1808b6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2144 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c29f7f55-aff1-4c00-9ddd-6650f1808b6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2143 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c29f7f55-aff1-4c00-9ddd-6650f1808b6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgA1ADEANgAuADIAOQAtADIANAA3ADQANQA0ADEANQAxADAANAA5ADMAMwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2142 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79be56ac-3b99-4465-9138-e8f184bdd80c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFUAQQBNAFEAQQAyAEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE0AZwBBADAAQQBEAGMAQQBOAEEAQQAxAEEARABRAEEATQBRAEEAMQBBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBNAHcAQQB6AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=9ed8ef29-38fa-4a72-bcd3-547d847c7c05
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2141 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a404f827-b1e5-4ce5-9bec-c8d9469bf8bf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADUAMQA2AC4AMgA5AC0AMgA0ADcANAA1ADQAMQA1ADEAMAA0ADkAMwAzADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=93dc01b4-37e9-4e3b-94ca-811b452d0ded
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2140 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a404f827-b1e5-4ce5-9bec-c8d9469bf8bf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADUAMQA2AC4AMgA5AC0AMgA0ADcANAA1ADQAMQA1ADEAMAA0ADkAMwAzADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=93dc01b4-37e9-4e3b-94ca-811b452d0ded
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2139 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a404f827-b1e5-4ce5-9bec-c8d9469bf8bf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADUAMQA2AC4AMgA5AC0AMgA0ADcANAA1ADQAMQA1ADEAMAA0ADkAMwAzADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2138 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a404f827-b1e5-4ce5-9bec-c8d9469bf8bf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADUAMQA2AC4AMgA5AC0AMgA0ADcANAA1ADQAMQA1ADEAMAA0ADkAMwAzADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2137 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a404f827-b1e5-4ce5-9bec-c8d9469bf8bf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADUAMQA2AC4AMgA5AC0AMgA0ADcANAA1ADQAMQA1ADEAMAA0ADkAMwAzADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2136 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a404f827-b1e5-4ce5-9bec-c8d9469bf8bf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADUAMQA2AC4AMgA5AC0AMgA0ADcANAA1ADQAMQA1ADEAMAA0ADkAMwAzADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2135 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a404f827-b1e5-4ce5-9bec-c8d9469bf8bf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADUAMQA2AC4AMgA5AC0AMgA0ADcANAA1ADQAMQA1ADEAMAA0ADkAMwAzADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2134 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a404f827-b1e5-4ce5-9bec-c8d9469bf8bf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADUAMQA2AC4AMgA5AC0AMgA0ADcANAA1ADQAMQA1ADEAMAA0ADkAMwAzADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2133 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79be56ac-3b99-4465-9138-e8f184bdd80c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFUAQQBNAFEAQQAyAEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE0AZwBBADAAQQBEAGMAQQBOAEEAQQAxAEEARABRAEEATQBRAEEAMQBBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBNAHcAQQB6AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=9ed8ef29-38fa-4a72-bcd3-547d847c7c05
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2132 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79be56ac-3b99-4465-9138-e8f184bdd80c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFUAQQBNAFEAQQAyAEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE0AZwBBADAAQQBEAGMAQQBOAEEAQQAxAEEARABRAEEATQBRAEEAMQBBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBNAHcAQQB6AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2131 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79be56ac-3b99-4465-9138-e8f184bdd80c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFUAQQBNAFEAQQAyAEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE0AZwBBADAAQQBEAGMAQQBOAEEAQQAxAEEARABRAEEATQBRAEEAMQBBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBNAHcAQQB6AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2130 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79be56ac-3b99-4465-9138-e8f184bdd80c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFUAQQBNAFEAQQAyAEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE0AZwBBADAAQQBEAGMAQQBOAEEAQQAxAEEARABRAEEATQBRAEEAMQBBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBNAHcAQQB6AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2129 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79be56ac-3b99-4465-9138-e8f184bdd80c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFUAQQBNAFEAQQAyAEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE0AZwBBADAAQQBEAGMAQQBOAEEAQQAxAEEARABRAEEATQBRAEEAMQBBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBNAHcAQQB6AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2128 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79be56ac-3b99-4465-9138-e8f184bdd80c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFUAQQBNAFEAQQAyAEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE0AZwBBADAAQQBEAGMAQQBOAEEAQQAxAEEARABRAEEATQBRAEEAMQBBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBNAHcAQQB6AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2127 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79be56ac-3b99-4465-9138-e8f184bdd80c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFUAQQBNAFEAQQAyAEEAQwA0AEEATQBnAEEANQBBAEMAMABBAE0AZwBBADAAQQBEAGMAQQBOAEEAQQAxAEEARABRAEEATQBRAEEAMQBBAEQARQBBAE0AQQBBADAAQQBEAGsAQQBNAHcAQQB6AEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2126 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b176fb66-6bef-4322-a524-6d6b816b9c32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ad933052-4fde-4042-88f1-ae9541bc0322
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2125 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98bbbdf5-76ef-4be9-b43b-5219b4f0d6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=050b1b6f-5a90-4e61-82f5-cd3f8abcd21f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2124 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98bbbdf5-76ef-4be9-b43b-5219b4f0d6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2123 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98bbbdf5-76ef-4be9-b43b-5219b4f0d6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2122 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98bbbdf5-76ef-4be9-b43b-5219b4f0d6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2121 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98bbbdf5-76ef-4be9-b43b-5219b4f0d6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2120 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98bbbdf5-76ef-4be9-b43b-5219b4f0d6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2119 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98bbbdf5-76ef-4be9-b43b-5219b4f0d6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2118 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98bbbdf5-76ef-4be9-b43b-5219b4f0d6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2117 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=98bbbdf5-76ef-4be9-b43b-5219b4f0d6ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2116 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b176fb66-6bef-4322-a524-6d6b816b9c32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ad933052-4fde-4042-88f1-ae9541bc0322
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2115 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b176fb66-6bef-4322-a524-6d6b816b9c32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2114 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b176fb66-6bef-4322-a524-6d6b816b9c32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2113 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b176fb66-6bef-4322-a524-6d6b816b9c32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2112 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b176fb66-6bef-4322-a524-6d6b816b9c32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2111 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b176fb66-6bef-4322-a524-6d6b816b9c32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2110 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b176fb66-6bef-4322-a524-6d6b816b9c32
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2109 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4555f9-4008-4efa-9cd6-40a8e25c83dc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=161bc76b-0c68-4b08-8520-f100c3beb89f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2108 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42b36a89-2822-4e84-856e-343c3bad931a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=5.1.14393.1944
RunspaceId=2faa89cf-c82d-4779-9a7c-3ffe620610ed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2107 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:35:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42b36a89-2822-4e84-856e-343c3bad931a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=5.1.14393.1944
RunspaceId=2faa89cf-c82d-4779-9a7c-3ffe620610ed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2106 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42b36a89-2822-4e84-856e-343c3bad931a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2105 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42b36a89-2822-4e84-856e-343c3bad931a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2104 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42b36a89-2822-4e84-856e-343c3bad931a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2103 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42b36a89-2822-4e84-856e-343c3bad931a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2102 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42b36a89-2822-4e84-856e-343c3bad931a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2101 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42b36a89-2822-4e84-856e-343c3bad931a
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAGMAaQBuAGQAZQByAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2100 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf5f7596-9bac-465d-8d66-d14faa9ccd48
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6ef54422-d2d4-47b4-b185-6464a95906d1
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2099 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf5f7596-9bac-465d-8d66-d14faa9ccd48
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6ef54422-d2d4-47b4-b185-6464a95906d1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2098 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf5f7596-9bac-465d-8d66-d14faa9ccd48
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2097 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf5f7596-9bac-465d-8d66-d14faa9ccd48
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2096 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf5f7596-9bac-465d-8d66-d14faa9ccd48
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2095 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf5f7596-9bac-465d-8d66-d14faa9ccd48
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2094 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf5f7596-9bac-465d-8d66-d14faa9ccd48
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2093 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf5f7596-9bac-465d-8d66-d14faa9ccd48
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2092 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf5f7596-9bac-465d-8d66-d14faa9ccd48
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2091 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bf5f7596-9bac-465d-8d66-d14faa9ccd48
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2090 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4555f9-4008-4efa-9cd6-40a8e25c83dc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=161bc76b-0c68-4b08-8520-f100c3beb89f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2089 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4555f9-4008-4efa-9cd6-40a8e25c83dc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2088 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4555f9-4008-4efa-9cd6-40a8e25c83dc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2087 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4555f9-4008-4efa-9cd6-40a8e25c83dc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2086 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4555f9-4008-4efa-9cd6-40a8e25c83dc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2085 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4555f9-4008-4efa-9cd6-40a8e25c83dc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2084 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec4555f9-4008-4efa-9cd6-40a8e25c83dc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2083 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e0e17d0-fa05-44b4-8a54-133b72ebbf34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=76b648d8-2331-441c-9377-c9c56b258a3d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2082 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10f5aafd-8b8f-4e50-84fa-8d6ae9b10a11
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=70d1b554-0faa-47d7-8e95-2e3ff0d022ca
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2081 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10f5aafd-8b8f-4e50-84fa-8d6ae9b10a11
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=70d1b554-0faa-47d7-8e95-2e3ff0d022ca
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2080 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10f5aafd-8b8f-4e50-84fa-8d6ae9b10a11
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2079 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10f5aafd-8b8f-4e50-84fa-8d6ae9b10a11
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2078 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10f5aafd-8b8f-4e50-84fa-8d6ae9b10a11
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2077 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10f5aafd-8b8f-4e50-84fa-8d6ae9b10a11
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2076 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10f5aafd-8b8f-4e50-84fa-8d6ae9b10a11
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2075 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=10f5aafd-8b8f-4e50-84fa-8d6ae9b10a11
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAGMAaQBuAGQAZQByACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBjAGkAbgBkAGUAcgAjAGUAZwBnAD0AYwBpAG4AZABlAHIAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2074 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51d795d1-9a9d-4226-8506-ad58aacff5ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e4a0c242-6701-4ae2-9d90-2d0719fef9b2
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2073 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51d795d1-9a9d-4226-8506-ad58aacff5ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e4a0c242-6701-4ae2-9d90-2d0719fef9b2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2072 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51d795d1-9a9d-4226-8506-ad58aacff5ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2071 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51d795d1-9a9d-4226-8506-ad58aacff5ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2070 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51d795d1-9a9d-4226-8506-ad58aacff5ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2069 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51d795d1-9a9d-4226-8506-ad58aacff5ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2068 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51d795d1-9a9d-4226-8506-ad58aacff5ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2067 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51d795d1-9a9d-4226-8506-ad58aacff5ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2066 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51d795d1-9a9d-4226-8506-ad58aacff5ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2065 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=51d795d1-9a9d-4226-8506-ad58aacff5ae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2064 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e0e17d0-fa05-44b4-8a54-133b72ebbf34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=76b648d8-2331-441c-9377-c9c56b258a3d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2063 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e0e17d0-fa05-44b4-8a54-133b72ebbf34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2062 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e0e17d0-fa05-44b4-8a54-133b72ebbf34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2061 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e0e17d0-fa05-44b4-8a54-133b72ebbf34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2060 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e0e17d0-fa05-44b4-8a54-133b72ebbf34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2059 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e0e17d0-fa05-44b4-8a54-133b72ebbf34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2058 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e0e17d0-fa05-44b4-8a54-133b72ebbf34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2057 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0934e399-82c4-4771-87bc-0c88cdd5fbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=db2f7bb7-6cce-4ef5-a225-028c517ec5fa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2056 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4f33ef4-c006-4131-a278-9ef0a85b6d8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=c61c6576-2931-47d4-8e07-664b075909ff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2055 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4f33ef4-c006-4131-a278-9ef0a85b6d8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=c61c6576-2931-47d4-8e07-664b075909ff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2054 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4f33ef4-c006-4131-a278-9ef0a85b6d8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2053 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4f33ef4-c006-4131-a278-9ef0a85b6d8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2052 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4f33ef4-c006-4131-a278-9ef0a85b6d8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2051 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4f33ef4-c006-4131-a278-9ef0a85b6d8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2050 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4f33ef4-c006-4131-a278-9ef0a85b6d8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2049 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c4f33ef4-c006-4131-a278-9ef0a85b6d8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABjAGkAbgBkAGUAcgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2048 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a43d69ca-f6fd-4310-8e0d-344f5a1e7c43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2d182e46-220f-4819-99a3-81175ac8feb1
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2047 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a43d69ca-f6fd-4310-8e0d-344f5a1e7c43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2d182e46-220f-4819-99a3-81175ac8feb1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2046 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a43d69ca-f6fd-4310-8e0d-344f5a1e7c43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2045 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a43d69ca-f6fd-4310-8e0d-344f5a1e7c43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2044 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a43d69ca-f6fd-4310-8e0d-344f5a1e7c43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2043 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a43d69ca-f6fd-4310-8e0d-344f5a1e7c43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2042 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a43d69ca-f6fd-4310-8e0d-344f5a1e7c43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2041 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a43d69ca-f6fd-4310-8e0d-344f5a1e7c43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2040 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a43d69ca-f6fd-4310-8e0d-344f5a1e7c43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2039 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a43d69ca-f6fd-4310-8e0d-344f5a1e7c43
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2038 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0934e399-82c4-4771-87bc-0c88cdd5fbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=db2f7bb7-6cce-4ef5-a225-028c517ec5fa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2037 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0934e399-82c4-4771-87bc-0c88cdd5fbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2036 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0934e399-82c4-4771-87bc-0c88cdd5fbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2035 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0934e399-82c4-4771-87bc-0c88cdd5fbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2034 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0934e399-82c4-4771-87bc-0c88cdd5fbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2033 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0934e399-82c4-4771-87bc-0c88cdd5fbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2032 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0934e399-82c4-4771-87bc-0c88cdd5fbef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2031 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5336f6b6-a7b9-471c-b920-473ec138d1b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB6AEEARABNAEEATQBRAEEAdQBBAEQAYwBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABnAEEATQB3AEEAeQBBAEQAWQBBAE0AUQBBADUAQQBEAE0AQQBPAFEAQQA0AEEARABjAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3b740017-7f18-46ab-930d-16cc1f5818bc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2030 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14a7a763-a0b4-40a7-a1b3-05ac1adf02d8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=55b0021e-8f83-4a49-b2e1-58689ed93953
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2029 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14a7a763-a0b4-40a7-a1b3-05ac1adf02d8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=55b0021e-8f83-4a49-b2e1-58689ed93953
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2028 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14a7a763-a0b4-40a7-a1b3-05ac1adf02d8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2027 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14a7a763-a0b4-40a7-a1b3-05ac1adf02d8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2026 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14a7a763-a0b4-40a7-a1b3-05ac1adf02d8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2025 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14a7a763-a0b4-40a7-a1b3-05ac1adf02d8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2024 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14a7a763-a0b4-40a7-a1b3-05ac1adf02d8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2023 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=14a7a763-a0b4-40a7-a1b3-05ac1adf02d8
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2022 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5336f6b6-a7b9-471c-b920-473ec138d1b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB6AEEARABNAEEATQBRAEEAdQBBAEQAYwBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABnAEEATQB3AEEAeQBBAEQAWQBBAE0AUQBBADUAQQBEAE0AQQBPAFEAQQA0AEEARABjAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3b740017-7f18-46ab-930d-16cc1f5818bc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2021 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5336f6b6-a7b9-471c-b920-473ec138d1b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB6AEEARABNAEEATQBRAEEAdQBBAEQAYwBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABnAEEATQB3AEEAeQBBAEQAWQBBAE0AUQBBADUAQQBEAE0AQQBPAFEAQQA0AEEARABjAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2020 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5336f6b6-a7b9-471c-b920-473ec138d1b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB6AEEARABNAEEATQBRAEEAdQBBAEQAYwBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABnAEEATQB3AEEAeQBBAEQAWQBBAE0AUQBBADUAQQBEAE0AQQBPAFEAQQA0AEEARABjAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2019 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5336f6b6-a7b9-471c-b920-473ec138d1b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB6AEEARABNAEEATQBRAEEAdQBBAEQAYwBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABnAEEATQB3AEEAeQBBAEQAWQBBAE0AUQBBADUAQQBEAE0AQQBPAFEAQQA0AEEARABjAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2018 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5336f6b6-a7b9-471c-b920-473ec138d1b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB6AEEARABNAEEATQBRAEEAdQBBAEQAYwBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABnAEEATQB3AEEAeQBBAEQAWQBBAE0AUQBBADUAQQBEAE0AQQBPAFEAQQA0AEEARABjAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2017 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5336f6b6-a7b9-471c-b920-473ec138d1b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB6AEEARABNAEEATQBRAEEAdQBBAEQAYwBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABnAEEATQB3AEEAeQBBAEQAWQBBAE0AUQBBADUAQQBEAE0AQQBPAFEAQQA0AEEARABjAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2016 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5336f6b6-a7b9-471c-b920-473ec138d1b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB6AEEARABNAEEATQBRAEEAdQBBAEQAYwBBAE0AUQBBAHQAQQBEAEkAQQBNAEEAQQAzAEEARABnAEEATQB3AEEAeQBBAEQAWQBBAE0AUQBBADUAQQBEAE0AQQBPAFEAQQA0AEEARABjAEEATgBBAEEAMABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2015 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=291b3658-30c3-4db0-9e20-42a84adc1638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=048b801f-9e7a-4ebf-a501-eed21cba0230
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2014 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bbdf4bc-b48a-472e-812b-6e1861ad501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1208254a-67ae-415e-b00c-3e5e8209302e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2013 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bbdf4bc-b48a-472e-812b-6e1861ad501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2012 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bbdf4bc-b48a-472e-812b-6e1861ad501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2011 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bbdf4bc-b48a-472e-812b-6e1861ad501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2010 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bbdf4bc-b48a-472e-812b-6e1861ad501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2009 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bbdf4bc-b48a-472e-812b-6e1861ad501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2008 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bbdf4bc-b48a-472e-812b-6e1861ad501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2007 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bbdf4bc-b48a-472e-812b-6e1861ad501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2006 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bbdf4bc-b48a-472e-812b-6e1861ad501a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2005 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=291b3658-30c3-4db0-9e20-42a84adc1638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=048b801f-9e7a-4ebf-a501-eed21cba0230
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2004 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=291b3658-30c3-4db0-9e20-42a84adc1638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2003 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=291b3658-30c3-4db0-9e20-42a84adc1638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2002 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=291b3658-30c3-4db0-9e20-42a84adc1638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2001 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=291b3658-30c3-4db0-9e20-42a84adc1638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2000 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=291b3658-30c3-4db0-9e20-42a84adc1638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1999 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=291b3658-30c3-4db0-9e20-42a84adc1638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1998 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2c6396cb-22e2-4a75-acab-aa3c7e0d5af1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=cd730034-20c0-4d0f-b9d9-34624503d682
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1997 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2c6396cb-22e2-4a75-acab-aa3c7e0d5af1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=cd730034-20c0-4d0f-b9d9-34624503d682
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1996 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2c6396cb-22e2-4a75-acab-aa3c7e0d5af1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1995 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2c6396cb-22e2-4a75-acab-aa3c7e0d5af1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1994 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2c6396cb-22e2-4a75-acab-aa3c7e0d5af1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1993 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2c6396cb-22e2-4a75-acab-aa3c7e0d5af1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1992 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2c6396cb-22e2-4a75-acab-aa3c7e0d5af1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1991 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2c6396cb-22e2-4a75-acab-aa3c7e0d5af1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAzADMAMQAuADcAMQAtADIAMAA3ADgAMwAyADYAMQA5ADMAOQA4ADcANAA0AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1990 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94bb7420-45f9-484b-a99f-83fcabe23fd4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAE0AQQBNAHcAQQB4AEEAQwA0AEEATgB3AEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBPAEEAQQB6AEEARABJAEEATgBnAEEAeABBAEQAawBBAE0AdwBBADUAQQBEAGcAQQBOAHcAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=563beba7-b0f1-4ab7-a4b1-6ebbbba06d4e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1989 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc27db66-a0bf-41a0-ac85-b15485671339
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADMAMwAxAC4ANwAxAC0AMgAwADcAOAAzADIANgAxADkAMwA5ADgANwA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=5815aabc-820e-4581-9f44-25e38abd6cbe
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1988 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc27db66-a0bf-41a0-ac85-b15485671339
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADMAMwAxAC4ANwAxAC0AMgAwADcAOAAzADIANgAxADkAMwA5ADgANwA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=5815aabc-820e-4581-9f44-25e38abd6cbe
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1987 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc27db66-a0bf-41a0-ac85-b15485671339
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADMAMwAxAC4ANwAxAC0AMgAwADcAOAAzADIANgAxADkAMwA5ADgANwA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1986 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc27db66-a0bf-41a0-ac85-b15485671339
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADMAMwAxAC4ANwAxAC0AMgAwADcAOAAzADIANgAxADkAMwA5ADgANwA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1985 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc27db66-a0bf-41a0-ac85-b15485671339
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADMAMwAxAC4ANwAxAC0AMgAwADcAOAAzADIANgAxADkAMwA5ADgANwA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1984 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc27db66-a0bf-41a0-ac85-b15485671339
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADMAMwAxAC4ANwAxAC0AMgAwADcAOAAzADIANgAxADkAMwA5ADgANwA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1983 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc27db66-a0bf-41a0-ac85-b15485671339
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADMAMwAxAC4ANwAxAC0AMgAwADcAOAAzADIANgAxADkAMwA5ADgANwA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1982 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc27db66-a0bf-41a0-ac85-b15485671339
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADMAMwAxAC4ANwAxAC0AMgAwADcAOAAzADIANgAxADkAMwA5ADgANwA0ADQAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1981 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94bb7420-45f9-484b-a99f-83fcabe23fd4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAE0AQQBNAHcAQQB4AEEAQwA0AEEATgB3AEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBPAEEAQQB6AEEARABJAEEATgBnAEEAeABBAEQAawBBAE0AdwBBADUAQQBEAGcAQQBOAHcAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=563beba7-b0f1-4ab7-a4b1-6ebbbba06d4e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1980 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94bb7420-45f9-484b-a99f-83fcabe23fd4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAE0AQQBNAHcAQQB4AEEAQwA0AEEATgB3AEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBPAEEAQQB6AEEARABJAEEATgBnAEEAeABBAEQAawBBAE0AdwBBADUAQQBEAGcAQQBOAHcAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1979 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94bb7420-45f9-484b-a99f-83fcabe23fd4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAE0AQQBNAHcAQQB4AEEAQwA0AEEATgB3AEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBPAEEAQQB6AEEARABJAEEATgBnAEEAeABBAEQAawBBAE0AdwBBADUAQQBEAGcAQQBOAHcAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1978 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94bb7420-45f9-484b-a99f-83fcabe23fd4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAE0AQQBNAHcAQQB4AEEAQwA0AEEATgB3AEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBPAEEAQQB6AEEARABJAEEATgBnAEEAeABBAEQAawBBAE0AdwBBADUAQQBEAGcAQQBOAHcAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1977 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94bb7420-45f9-484b-a99f-83fcabe23fd4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAE0AQQBNAHcAQQB4AEEAQwA0AEEATgB3AEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBPAEEAQQB6AEEARABJAEEATgBnAEEAeABBAEQAawBBAE0AdwBBADUAQQBEAGcAQQBOAHcAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1976 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94bb7420-45f9-484b-a99f-83fcabe23fd4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAE0AQQBNAHcAQQB4AEEAQwA0AEEATgB3AEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBPAEEAQQB6AEEARABJAEEATgBnAEEAeABBAEQAawBBAE0AdwBBADUAQQBEAGcAQQBOAHcAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1975 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=94bb7420-45f9-484b-a99f-83fcabe23fd4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAE0AQQBNAHcAQQB4AEEAQwA0AEEATgB3AEEAeABBAEMAMABBAE0AZwBBAHcAQQBEAGMAQQBPAEEAQQB6AEEARABJAEEATgBnAEEAeABBAEQAawBBAE0AdwBBADUAQQBEAGcAQQBOAHcAQQAwAEEARABRAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1974 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4ffe472-b4a6-4642-b61b-cdc2c916f453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=88e9265a-292b-43c3-990f-292bff5ae7ca
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1973 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=676a9edf-8b1b-4221-aa91-0a849f8f751f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8e2c4291-2627-4386-9f5d-432906e7ce24
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1972 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=676a9edf-8b1b-4221-aa91-0a849f8f751f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1971 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=676a9edf-8b1b-4221-aa91-0a849f8f751f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1970 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=676a9edf-8b1b-4221-aa91-0a849f8f751f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1969 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=676a9edf-8b1b-4221-aa91-0a849f8f751f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1968 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=676a9edf-8b1b-4221-aa91-0a849f8f751f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1967 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=676a9edf-8b1b-4221-aa91-0a849f8f751f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1966 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=676a9edf-8b1b-4221-aa91-0a849f8f751f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1965 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=676a9edf-8b1b-4221-aa91-0a849f8f751f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1964 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4ffe472-b4a6-4642-b61b-cdc2c916f453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=88e9265a-292b-43c3-990f-292bff5ae7ca
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1963 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4ffe472-b4a6-4642-b61b-cdc2c916f453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1962 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4ffe472-b4a6-4642-b61b-cdc2c916f453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1961 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4ffe472-b4a6-4642-b61b-cdc2c916f453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1960 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4ffe472-b4a6-4642-b61b-cdc2c916f453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1959 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4ffe472-b4a6-4642-b61b-cdc2c916f453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1958 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4ffe472-b4a6-4642-b61b-cdc2c916f453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1957 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c58699c2-c3a8-4895-b80b-fc12d2485fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b374595c-27ff-488c-9d25-800a80ec7d99
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1956 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=017291c2-1cce-4ce8-a443-ed3241bac826
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=c3aada19-60d7-47ec-9774-bbdc0acc9c69
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1955 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:32:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=017291c2-1cce-4ce8-a443-ed3241bac826
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=c3aada19-60d7-47ec-9774-bbdc0acc9c69
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1954 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=017291c2-1cce-4ce8-a443-ed3241bac826
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1953 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=017291c2-1cce-4ce8-a443-ed3241bac826
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1952 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=017291c2-1cce-4ce8-a443-ed3241bac826
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1951 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=017291c2-1cce-4ce8-a443-ed3241bac826
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1950 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=017291c2-1cce-4ce8-a443-ed3241bac826
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1949 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=017291c2-1cce-4ce8-a443-ed3241bac826
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1948 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=21eb745b-42c2-422a-a241-f50896ba2f0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d78c3dda-7e8b-4533-bba3-090f16d10a88
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1947 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=21eb745b-42c2-422a-a241-f50896ba2f0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d78c3dda-7e8b-4533-bba3-090f16d10a88
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1946 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=21eb745b-42c2-422a-a241-f50896ba2f0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1945 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=21eb745b-42c2-422a-a241-f50896ba2f0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1944 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=21eb745b-42c2-422a-a241-f50896ba2f0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1943 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=21eb745b-42c2-422a-a241-f50896ba2f0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1942 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=21eb745b-42c2-422a-a241-f50896ba2f0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1941 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=21eb745b-42c2-422a-a241-f50896ba2f0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1940 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=21eb745b-42c2-422a-a241-f50896ba2f0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1939 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=21eb745b-42c2-422a-a241-f50896ba2f0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1938 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c58699c2-c3a8-4895-b80b-fc12d2485fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b374595c-27ff-488c-9d25-800a80ec7d99
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1937 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c58699c2-c3a8-4895-b80b-fc12d2485fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1936 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c58699c2-c3a8-4895-b80b-fc12d2485fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1935 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c58699c2-c3a8-4895-b80b-fc12d2485fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1934 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c58699c2-c3a8-4895-b80b-fc12d2485fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1933 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c58699c2-c3a8-4895-b80b-fc12d2485fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1932 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c58699c2-c3a8-4895-b80b-fc12d2485fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1931 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1308233e-3b1f-4903-9d3f-4debf042f336
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9e4c8ada-c15f-4b1d-ab28-2212fda9e723
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1930 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7aada7ef-a676-4068-8efe-abafd76ca7ca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=90d9ddc2-9800-4af4-8ce7-0bd96237b108
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1929 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7aada7ef-a676-4068-8efe-abafd76ca7ca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=90d9ddc2-9800-4af4-8ce7-0bd96237b108
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1928 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7aada7ef-a676-4068-8efe-abafd76ca7ca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1927 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7aada7ef-a676-4068-8efe-abafd76ca7ca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1926 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7aada7ef-a676-4068-8efe-abafd76ca7ca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1925 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7aada7ef-a676-4068-8efe-abafd76ca7ca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1924 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7aada7ef-a676-4068-8efe-abafd76ca7ca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1923 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7aada7ef-a676-4068-8efe-abafd76ca7ca
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1922 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ed31b0-059a-4167-b605-5548e8661d89
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=145c3c2d-d0e8-45f9-a168-ff0a7bca001e
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1921 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ed31b0-059a-4167-b605-5548e8661d89
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=145c3c2d-d0e8-45f9-a168-ff0a7bca001e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1920 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ed31b0-059a-4167-b605-5548e8661d89
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1919 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ed31b0-059a-4167-b605-5548e8661d89
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1918 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ed31b0-059a-4167-b605-5548e8661d89
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1917 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ed31b0-059a-4167-b605-5548e8661d89
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1916 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ed31b0-059a-4167-b605-5548e8661d89
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1915 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ed31b0-059a-4167-b605-5548e8661d89
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1914 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ed31b0-059a-4167-b605-5548e8661d89
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1913 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ed31b0-059a-4167-b605-5548e8661d89
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1912 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1308233e-3b1f-4903-9d3f-4debf042f336
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9e4c8ada-c15f-4b1d-ab28-2212fda9e723
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1911 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1308233e-3b1f-4903-9d3f-4debf042f336
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1910 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1308233e-3b1f-4903-9d3f-4debf042f336
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1909 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1308233e-3b1f-4903-9d3f-4debf042f336
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1908 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1308233e-3b1f-4903-9d3f-4debf042f336
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1907 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1308233e-3b1f-4903-9d3f-4debf042f336
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1906 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1308233e-3b1f-4903-9d3f-4debf042f336
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1905 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9cc02f4a-e91b-4e40-b76d-69a570bab9b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e8520ddf-946e-488a-ad91-d84c8ed15707
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1904 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ada1b7a5-1cd3-45e6-bb72-7f7e88652d76
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=5.1.14393.1944
RunspaceId=4fe33ea2-3956-48fc-8a18-01c670e8f5d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1903 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ada1b7a5-1cd3-45e6-bb72-7f7e88652d76
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=5.1.14393.1944
RunspaceId=4fe33ea2-3956-48fc-8a18-01c670e8f5d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1902 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ada1b7a5-1cd3-45e6-bb72-7f7e88652d76
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1901 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ada1b7a5-1cd3-45e6-bb72-7f7e88652d76
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1900 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ada1b7a5-1cd3-45e6-bb72-7f7e88652d76
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1899 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ada1b7a5-1cd3-45e6-bb72-7f7e88652d76
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1898 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ada1b7a5-1cd3-45e6-bb72-7f7e88652d76
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1897 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ada1b7a5-1cd3-45e6-bb72-7f7e88652d76
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1896 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec30e2c4-73d0-4f41-83ea-748a857504bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=72778024-7ae1-4ed9-b1e0-fb5f5da2fe69
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1895 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec30e2c4-73d0-4f41-83ea-748a857504bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=72778024-7ae1-4ed9-b1e0-fb5f5da2fe69
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1894 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec30e2c4-73d0-4f41-83ea-748a857504bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1893 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec30e2c4-73d0-4f41-83ea-748a857504bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1892 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec30e2c4-73d0-4f41-83ea-748a857504bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1891 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec30e2c4-73d0-4f41-83ea-748a857504bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1890 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec30e2c4-73d0-4f41-83ea-748a857504bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1889 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec30e2c4-73d0-4f41-83ea-748a857504bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1888 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec30e2c4-73d0-4f41-83ea-748a857504bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1887 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ec30e2c4-73d0-4f41-83ea-748a857504bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1886 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9cc02f4a-e91b-4e40-b76d-69a570bab9b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e8520ddf-946e-488a-ad91-d84c8ed15707
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1885 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9cc02f4a-e91b-4e40-b76d-69a570bab9b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1884 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9cc02f4a-e91b-4e40-b76d-69a570bab9b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1883 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9cc02f4a-e91b-4e40-b76d-69a570bab9b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1882 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9cc02f4a-e91b-4e40-b76d-69a570bab9b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1881 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9cc02f4a-e91b-4e40-b76d-69a570bab9b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1880 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9cc02f4a-e91b-4e40-b76d-69a570bab9b2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1879 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82672b3c-328e-459a-91c6-fe60b7a24922
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4f07e944-b1cd-4288-a384-01fb2540ae6c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1878 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54e4d915-b721-4bf3-87ac-e6dcc4f64a7d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=f882a45a-9b77-482e-895c-c7583fb77b3e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1877 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54e4d915-b721-4bf3-87ac-e6dcc4f64a7d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=f882a45a-9b77-482e-895c-c7583fb77b3e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1876 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54e4d915-b721-4bf3-87ac-e6dcc4f64a7d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1875 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54e4d915-b721-4bf3-87ac-e6dcc4f64a7d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1874 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54e4d915-b721-4bf3-87ac-e6dcc4f64a7d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1873 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54e4d915-b721-4bf3-87ac-e6dcc4f64a7d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1872 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54e4d915-b721-4bf3-87ac-e6dcc4f64a7d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1871 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54e4d915-b721-4bf3-87ac-e6dcc4f64a7d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1870 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a94487ac-f536-4bee-8ff4-835224993ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=90944e50-fadf-4b13-8307-138f8d2a366b
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1869 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a94487ac-f536-4bee-8ff4-835224993ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=90944e50-fadf-4b13-8307-138f8d2a366b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1868 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a94487ac-f536-4bee-8ff4-835224993ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1867 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a94487ac-f536-4bee-8ff4-835224993ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1866 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a94487ac-f536-4bee-8ff4-835224993ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1865 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a94487ac-f536-4bee-8ff4-835224993ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1864 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a94487ac-f536-4bee-8ff4-835224993ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1863 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a94487ac-f536-4bee-8ff4-835224993ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1862 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a94487ac-f536-4bee-8ff4-835224993ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1861 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a94487ac-f536-4bee-8ff4-835224993ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1860 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82672b3c-328e-459a-91c6-fe60b7a24922
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4f07e944-b1cd-4288-a384-01fb2540ae6c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1859 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82672b3c-328e-459a-91c6-fe60b7a24922
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1858 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82672b3c-328e-459a-91c6-fe60b7a24922
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1857 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82672b3c-328e-459a-91c6-fe60b7a24922
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1856 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82672b3c-328e-459a-91c6-fe60b7a24922
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1855 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82672b3c-328e-459a-91c6-fe60b7a24922
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1854 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82672b3c-328e-459a-91c6-fe60b7a24922
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1853 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73609dde-e722-4fc9-80a2-758964771c53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c65f55cc-5af1-4dd5-9512-73f42a5bd575
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1852 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1615e86-d95d-4222-907c-dca5a0cff149
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=5.1.14393.1944
RunspaceId=3ffb044f-4b6f-4779-bc90-fa589208751b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1851 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1615e86-d95d-4222-907c-dca5a0cff149
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=5.1.14393.1944
RunspaceId=3ffb044f-4b6f-4779-bc90-fa589208751b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1850 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1615e86-d95d-4222-907c-dca5a0cff149
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1849 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1615e86-d95d-4222-907c-dca5a0cff149
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1848 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1615e86-d95d-4222-907c-dca5a0cff149
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1847 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1615e86-d95d-4222-907c-dca5a0cff149
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1846 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1615e86-d95d-4222-907c-dca5a0cff149
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1845 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1615e86-d95d-4222-907c-dca5a0cff149
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1844 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba1a99be-9d38-4202-af3a-fdb87fa1a8e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=eb2ff1bf-9902-4556-84d5-932173893c85
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1843 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba1a99be-9d38-4202-af3a-fdb87fa1a8e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=eb2ff1bf-9902-4556-84d5-932173893c85
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1842 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba1a99be-9d38-4202-af3a-fdb87fa1a8e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1841 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba1a99be-9d38-4202-af3a-fdb87fa1a8e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1840 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba1a99be-9d38-4202-af3a-fdb87fa1a8e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1839 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba1a99be-9d38-4202-af3a-fdb87fa1a8e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1838 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba1a99be-9d38-4202-af3a-fdb87fa1a8e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1837 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba1a99be-9d38-4202-af3a-fdb87fa1a8e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1836 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba1a99be-9d38-4202-af3a-fdb87fa1a8e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1835 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba1a99be-9d38-4202-af3a-fdb87fa1a8e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1834 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73609dde-e722-4fc9-80a2-758964771c53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c65f55cc-5af1-4dd5-9512-73f42a5bd575
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1833 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73609dde-e722-4fc9-80a2-758964771c53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1832 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73609dde-e722-4fc9-80a2-758964771c53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1831 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73609dde-e722-4fc9-80a2-758964771c53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1830 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73609dde-e722-4fc9-80a2-758964771c53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1829 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73609dde-e722-4fc9-80a2-758964771c53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1828 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73609dde-e722-4fc9-80a2-758964771c53
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1827 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0afadfdc-7632-48c1-a2b2-44b8b1a289bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB5AEEARABZAEEATQBBAEEAdQBBAEQAQQBBAE0AZwBBAHQAQQBEAEUAQQBOAFEAQQAzAEEARABjAEEATQBnAEEAeQBBAEQAYwBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAxAEEARABJAEEATQBRAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3e50fa7c-9b83-4d7d-953d-a8049496a007
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1826 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07deb78a-d0a5-4c15-9951-81ead8f183a6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=81904040-6ce9-4234-8002-e60c7c48f570
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1825 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07deb78a-d0a5-4c15-9951-81ead8f183a6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=81904040-6ce9-4234-8002-e60c7c48f570
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1824 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07deb78a-d0a5-4c15-9951-81ead8f183a6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1823 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07deb78a-d0a5-4c15-9951-81ead8f183a6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1822 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07deb78a-d0a5-4c15-9951-81ead8f183a6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1821 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07deb78a-d0a5-4c15-9951-81ead8f183a6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1820 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07deb78a-d0a5-4c15-9951-81ead8f183a6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1819 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07deb78a-d0a5-4c15-9951-81ead8f183a6
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1818 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0afadfdc-7632-48c1-a2b2-44b8b1a289bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB5AEEARABZAEEATQBBAEEAdQBBAEQAQQBBAE0AZwBBAHQAQQBEAEUAQQBOAFEAQQAzAEEARABjAEEATQBnAEEAeQBBAEQAYwBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAxAEEARABJAEEATQBRAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3e50fa7c-9b83-4d7d-953d-a8049496a007
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1817 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0afadfdc-7632-48c1-a2b2-44b8b1a289bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB5AEEARABZAEEATQBBAEEAdQBBAEQAQQBBAE0AZwBBAHQAQQBEAEUAQQBOAFEAQQAzAEEARABjAEEATQBnAEEAeQBBAEQAYwBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAxAEEARABJAEEATQBRAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1816 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0afadfdc-7632-48c1-a2b2-44b8b1a289bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB5AEEARABZAEEATQBBAEEAdQBBAEQAQQBBAE0AZwBBAHQAQQBEAEUAQQBOAFEAQQAzAEEARABjAEEATQBnAEEAeQBBAEQAYwBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAxAEEARABJAEEATQBRAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1815 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0afadfdc-7632-48c1-a2b2-44b8b1a289bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB5AEEARABZAEEATQBBAEEAdQBBAEQAQQBBAE0AZwBBAHQAQQBEAEUAQQBOAFEAQQAzAEEARABjAEEATQBnAEEAeQBBAEQAYwBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAxAEEARABJAEEATQBRAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1814 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0afadfdc-7632-48c1-a2b2-44b8b1a289bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB5AEEARABZAEEATQBBAEEAdQBBAEQAQQBBAE0AZwBBAHQAQQBEAEUAQQBOAFEAQQAzAEEARABjAEEATQBnAEEAeQBBAEQAYwBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAxAEEARABJAEEATQBRAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1813 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0afadfdc-7632-48c1-a2b2-44b8b1a289bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB5AEEARABZAEEATQBBAEEAdQBBAEQAQQBBAE0AZwBBAHQAQQBEAEUAQQBOAFEAQQAzAEEARABjAEEATQBnAEEAeQBBAEQAYwBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAxAEEARABJAEEATQBRAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1812 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0afadfdc-7632-48c1-a2b2-44b8b1a289bc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAGcAQQB5AEEARABZAEEATQBBAEEAdQBBAEQAQQBBAE0AZwBBAHQAQQBEAEUAQQBOAFEAQQAzAEEARABjAEEATQBnAEEAeQBBAEQAYwBBAE4AUQBBADEAQQBEAEkAQQBOAFEAQQAxAEEARABJAEEATQBRAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1811 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c5ef269-d7e9-42cf-abb1-5534268b2f62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7dc089f9-28ea-46cd-b52e-a6eec4b5e5a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1810 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4488fdb-1bde-4c0e-b293-4ddf5c274b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dba749e4-568c-4805-8dc1-0d774ec0e94a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1809 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4488fdb-1bde-4c0e-b293-4ddf5c274b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1808 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4488fdb-1bde-4c0e-b293-4ddf5c274b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1807 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4488fdb-1bde-4c0e-b293-4ddf5c274b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1806 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4488fdb-1bde-4c0e-b293-4ddf5c274b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1805 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4488fdb-1bde-4c0e-b293-4ddf5c274b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1804 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4488fdb-1bde-4c0e-b293-4ddf5c274b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1803 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4488fdb-1bde-4c0e-b293-4ddf5c274b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1802 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4488fdb-1bde-4c0e-b293-4ddf5c274b9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1801 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c5ef269-d7e9-42cf-abb1-5534268b2f62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7dc089f9-28ea-46cd-b52e-a6eec4b5e5a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1800 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c5ef269-d7e9-42cf-abb1-5534268b2f62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1799 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c5ef269-d7e9-42cf-abb1-5534268b2f62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1798 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c5ef269-d7e9-42cf-abb1-5534268b2f62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1797 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c5ef269-d7e9-42cf-abb1-5534268b2f62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1796 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c5ef269-d7e9-42cf-abb1-5534268b2f62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1795 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c5ef269-d7e9-42cf-abb1-5534268b2f62
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1794 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02451a53-a51a-4e9b-be2b-feaac40369df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=b6b77da3-3a20-4f46-8838-ad98a30bdb13
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1793 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02451a53-a51a-4e9b-be2b-feaac40369df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=b6b77da3-3a20-4f46-8838-ad98a30bdb13
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1792 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02451a53-a51a-4e9b-be2b-feaac40369df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1791 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02451a53-a51a-4e9b-be2b-feaac40369df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1790 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02451a53-a51a-4e9b-be2b-feaac40369df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1789 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02451a53-a51a-4e9b-be2b-feaac40369df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1788 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02451a53-a51a-4e9b-be2b-feaac40369df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1787 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02451a53-a51a-4e9b-be2b-feaac40369df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMgAyADYAMAAuADAAMgAtADEANQA3ADcAMgAyADcANQA1ADIANQA1ADIAMQAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1786 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f065b3b1-2fb3-4304-aa2c-08f58634f9fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAEkAQQBOAGcAQQB3AEEAQwA0AEEATQBBAEEAeQBBAEMAMABBAE0AUQBBADEAQQBEAGMAQQBOAHcAQQB5AEEARABJAEEATgB3AEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFUAQQBNAGcAQQB4AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=4662d92d-854a-4c07-9a1e-a52882c21e1b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1785 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4f7195-b850-4388-906f-752cbc736900
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADIANgAwAC4AMAAyAC0AMQA1ADcANwAyADIANwA1ADUAMgA1ADUAMgAxADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=56a1c7a3-1429-4337-8f1f-6a7d670ba88d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1784 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4f7195-b850-4388-906f-752cbc736900
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADIANgAwAC4AMAAyAC0AMQA1ADcANwAyADIANwA1ADUAMgA1ADUAMgAxADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=56a1c7a3-1429-4337-8f1f-6a7d670ba88d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1783 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4f7195-b850-4388-906f-752cbc736900
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADIANgAwAC4AMAAyAC0AMQA1ADcANwAyADIANwA1ADUAMgA1ADUAMgAxADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1782 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4f7195-b850-4388-906f-752cbc736900
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADIANgAwAC4AMAAyAC0AMQA1ADcANwAyADIANwA1ADUAMgA1ADUAMgAxADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1781 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4f7195-b850-4388-906f-752cbc736900
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADIANgAwAC4AMAAyAC0AMQA1ADcANwAyADIANwA1ADUAMgA1ADUAMgAxADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1780 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4f7195-b850-4388-906f-752cbc736900
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADIANgAwAC4AMAAyAC0AMQA1ADcANwAyADIANwA1ADUAMgA1ADUAMgAxADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1779 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4f7195-b850-4388-906f-752cbc736900
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADIANgAwAC4AMAAyAC0AMQA1ADcANwAyADIANwA1ADUAMgA1ADUAMgAxADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1778 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b4f7195-b850-4388-906f-752cbc736900
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAyADIANgAwAC4AMAAyAC0AMQA1ADcANwAyADIANwA1ADUAMgA1ADUAMgAxADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1777 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f065b3b1-2fb3-4304-aa2c-08f58634f9fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAEkAQQBOAGcAQQB3AEEAQwA0AEEATQBBAEEAeQBBAEMAMABBAE0AUQBBADEAQQBEAGMAQQBOAHcAQQB5AEEARABJAEEATgB3AEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFUAQQBNAGcAQQB4AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=4662d92d-854a-4c07-9a1e-a52882c21e1b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1776 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f065b3b1-2fb3-4304-aa2c-08f58634f9fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAEkAQQBOAGcAQQB3AEEAQwA0AEEATQBBAEEAeQBBAEMAMABBAE0AUQBBADEAQQBEAGMAQQBOAHcAQQB5AEEARABJAEEATgB3AEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFUAQQBNAGcAQQB4AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1775 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f065b3b1-2fb3-4304-aa2c-08f58634f9fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAEkAQQBOAGcAQQB3AEEAQwA0AEEATQBBAEEAeQBBAEMAMABBAE0AUQBBADEAQQBEAGMAQQBOAHcAQQB5AEEARABJAEEATgB3AEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFUAQQBNAGcAQQB4AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1774 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f065b3b1-2fb3-4304-aa2c-08f58634f9fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAEkAQQBOAGcAQQB3AEEAQwA0AEEATQBBAEEAeQBBAEMAMABBAE0AUQBBADEAQQBEAGMAQQBOAHcAQQB5AEEARABJAEEATgB3AEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFUAQQBNAGcAQQB4AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1773 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f065b3b1-2fb3-4304-aa2c-08f58634f9fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAEkAQQBOAGcAQQB3AEEAQwA0AEEATQBBAEEAeQBBAEMAMABBAE0AUQBBADEAQQBEAGMAQQBOAHcAQQB5AEEARABJAEEATgB3AEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFUAQQBNAGcAQQB4AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1772 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f065b3b1-2fb3-4304-aa2c-08f58634f9fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAEkAQQBOAGcAQQB3AEEAQwA0AEEATQBBAEEAeQBBAEMAMABBAE0AUQBBADEAQQBEAGMAQQBOAHcAQQB5AEEARABJAEEATgB3AEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFUAQQBNAGcAQQB4AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1771 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f065b3b1-2fb3-4304-aa2c-08f58634f9fb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAEkAQQBOAGcAQQB3AEEAQwA0AEEATQBBAEEAeQBBAEMAMABBAE0AUQBBADEAQQBEAGMAQQBOAHcAQQB5AEEARABJAEEATgB3AEEAMQBBAEQAVQBBAE0AZwBBADEAQQBEAFUAQQBNAGcAQQB4AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1770 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:31:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7fa091c-979f-4d3e-8b84-b54f3340f223
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b72eafd4-aa36-4e3e-af74-a34bd0db1170
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1769 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1197816-4df6-4c35-b430-7e1557ddaa3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9830e753-ff21-4a0e-89e0-ec09c4dc08b2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1768 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1197816-4df6-4c35-b430-7e1557ddaa3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1767 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1197816-4df6-4c35-b430-7e1557ddaa3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1766 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1197816-4df6-4c35-b430-7e1557ddaa3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1765 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1197816-4df6-4c35-b430-7e1557ddaa3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1764 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1197816-4df6-4c35-b430-7e1557ddaa3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1763 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1197816-4df6-4c35-b430-7e1557ddaa3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1762 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1197816-4df6-4c35-b430-7e1557ddaa3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1761 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d1197816-4df6-4c35-b430-7e1557ddaa3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1760 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7fa091c-979f-4d3e-8b84-b54f3340f223
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b72eafd4-aa36-4e3e-af74-a34bd0db1170
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1759 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7fa091c-979f-4d3e-8b84-b54f3340f223
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1758 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7fa091c-979f-4d3e-8b84-b54f3340f223
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1757 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7fa091c-979f-4d3e-8b84-b54f3340f223
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1756 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7fa091c-979f-4d3e-8b84-b54f3340f223
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1755 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7fa091c-979f-4d3e-8b84-b54f3340f223
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1754 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7fa091c-979f-4d3e-8b84-b54f3340f223
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1753 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8119d2e2-eca7-4c07-b83e-260fe5a76e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=99db641b-b7f7-4423-bcc5-dadc131cde81
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1752 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5545586b-acd4-4dfc-a11f-98debf4baddf
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=5.1.14393.1944
RunspaceId=59694e7b-d1ee-4a97-abe3-2c7389c9d2f8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1751 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:30:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5545586b-acd4-4dfc-a11f-98debf4baddf
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=5.1.14393.1944
RunspaceId=59694e7b-d1ee-4a97-abe3-2c7389c9d2f8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1750 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5545586b-acd4-4dfc-a11f-98debf4baddf
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1749 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5545586b-acd4-4dfc-a11f-98debf4baddf
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1748 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5545586b-acd4-4dfc-a11f-98debf4baddf
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1747 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5545586b-acd4-4dfc-a11f-98debf4baddf
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1746 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5545586b-acd4-4dfc-a11f-98debf4baddf
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1745 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5545586b-acd4-4dfc-a11f-98debf4baddf
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1744 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b848f02d-d66d-4ac6-aa3d-59c7745ccac0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1f5c908e-6562-4562-ab46-1ccb2faa2b4e
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1743 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b848f02d-d66d-4ac6-aa3d-59c7745ccac0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1f5c908e-6562-4562-ab46-1ccb2faa2b4e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1742 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b848f02d-d66d-4ac6-aa3d-59c7745ccac0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1741 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b848f02d-d66d-4ac6-aa3d-59c7745ccac0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1740 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b848f02d-d66d-4ac6-aa3d-59c7745ccac0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1739 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b848f02d-d66d-4ac6-aa3d-59c7745ccac0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1738 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b848f02d-d66d-4ac6-aa3d-59c7745ccac0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1737 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b848f02d-d66d-4ac6-aa3d-59c7745ccac0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1736 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b848f02d-d66d-4ac6-aa3d-59c7745ccac0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1735 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b848f02d-d66d-4ac6-aa3d-59c7745ccac0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1734 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8119d2e2-eca7-4c07-b83e-260fe5a76e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=99db641b-b7f7-4423-bcc5-dadc131cde81
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1733 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8119d2e2-eca7-4c07-b83e-260fe5a76e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1732 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8119d2e2-eca7-4c07-b83e-260fe5a76e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1731 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8119d2e2-eca7-4c07-b83e-260fe5a76e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1730 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8119d2e2-eca7-4c07-b83e-260fe5a76e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1729 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8119d2e2-eca7-4c07-b83e-260fe5a76e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1728 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8119d2e2-eca7-4c07-b83e-260fe5a76e5c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1727 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=61786172-a344-4247-b01f-3b1dea2ed9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b66519c5-ee67-43b8-9ddd-5b46fc00db39
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1726 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c9fdbe3-b276-4fc9-bc4c-30dc4b0b063d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=5.1.14393.1944
RunspaceId=133538d3-578a-4c54-8ef3-ae612c0c4b5f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1725 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:28:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c9fdbe3-b276-4fc9-bc4c-30dc4b0b063d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=5.1.14393.1944
RunspaceId=133538d3-578a-4c54-8ef3-ae612c0c4b5f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1724 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c9fdbe3-b276-4fc9-bc4c-30dc4b0b063d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1723 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c9fdbe3-b276-4fc9-bc4c-30dc4b0b063d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1722 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c9fdbe3-b276-4fc9-bc4c-30dc4b0b063d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1721 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c9fdbe3-b276-4fc9-bc4c-30dc4b0b063d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1720 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c9fdbe3-b276-4fc9-bc4c-30dc4b0b063d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1719 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0c9fdbe3-b276-4fc9-bc4c-30dc4b0b063d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBpAG4AZABlAHIAIAAtAC0AegB1AHUAbAAtAHIAZQBmACAAcgBlAGYAcwAvAHoAdQB1AGwALwBtAGEAcwB0AGUAcgAvAFoAZABjAGIAZgBiAGQAZQBjAGQAZABiAGYANABiADEANwBiAGEAYgBlAGQAYgAwAGYANgBhAGYAOQBkAGEAZgBmACAALQAtAHoAdQB1AGwALQB1AHIAbAAgAGgAdAB0AHAAOgAvAC8AMQAwAC4AMQAwADYALgAxAC4AMwA5AC8AcAAgAC0ALQB6AHUAdQBsAC0AYgByAGEAbgBjAGgAIABtAGEAcwB0AGUAcgAgAGgAdAB0AHAAcwA6AC8ALwBvAHAAZQBuAGQAZQB2AC4AbwByAGcAIABvAHAAZQBuAHMAdABhAGMAawAvAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzACAAbwBwAGUAbgBzAHQAYQBjAGsALwBjAGkAbgBkAGUAcgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHUAdAByAG8AbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AYwBvAG0AcAB1AHQAZQAtAGgAeQBwAGUAcgB2ACAAbwBwAGUAbgBzAHQAYQBjAGsALwBvAHMALQB3AGkAbgAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1718 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1bf236f-fcd7-4ce7-b9e2-bd3204de5817
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=17ced750-6e3a-43dc-b3b8-443084f60932
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1717 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1bf236f-fcd7-4ce7-b9e2-bd3204de5817
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=17ced750-6e3a-43dc-b3b8-443084f60932
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1716 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1bf236f-fcd7-4ce7-b9e2-bd3204de5817
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1715 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1bf236f-fcd7-4ce7-b9e2-bd3204de5817
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1714 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1bf236f-fcd7-4ce7-b9e2-bd3204de5817
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1713 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1bf236f-fcd7-4ce7-b9e2-bd3204de5817
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1712 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1bf236f-fcd7-4ce7-b9e2-bd3204de5817
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1711 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1bf236f-fcd7-4ce7-b9e2-bd3204de5817
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1710 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1bf236f-fcd7-4ce7-b9e2-bd3204de5817
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1709 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b1bf236f-fcd7-4ce7-b9e2-bd3204de5817
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1708 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=61786172-a344-4247-b01f-3b1dea2ed9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b66519c5-ee67-43b8-9ddd-5b46fc00db39
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1707 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=61786172-a344-4247-b01f-3b1dea2ed9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1706 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=61786172-a344-4247-b01f-3b1dea2ed9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1705 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=61786172-a344-4247-b01f-3b1dea2ed9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1704 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=61786172-a344-4247-b01f-3b1dea2ed9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1703 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=61786172-a344-4247-b01f-3b1dea2ed9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1702 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=61786172-a344-4247-b01f-3b1dea2ed9c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1701 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86d2df02-6af3-4c14-aa40-f5bccc776d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABnAEEATwBBAEEAegBBAEQAVQBBAE8AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABjAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=2c2a464a-edf4-46b5-9630-714a598512a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1700 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b47a2fff-ec56-4265-8bbb-bae19a02b921
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=34d67765-396f-4820-8cee-4ca729e07644
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1699 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b47a2fff-ec56-4265-8bbb-bae19a02b921
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=34d67765-396f-4820-8cee-4ca729e07644
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1698 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b47a2fff-ec56-4265-8bbb-bae19a02b921
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1697 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b47a2fff-ec56-4265-8bbb-bae19a02b921
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1696 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b47a2fff-ec56-4265-8bbb-bae19a02b921
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1695 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b47a2fff-ec56-4265-8bbb-bae19a02b921
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1694 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b47a2fff-ec56-4265-8bbb-bae19a02b921
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1693 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b47a2fff-ec56-4265-8bbb-bae19a02b921
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1692 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86d2df02-6af3-4c14-aa40-f5bccc776d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABnAEEATwBBAEEAegBBAEQAVQBBAE8AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABjAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=2c2a464a-edf4-46b5-9630-714a598512a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1691 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86d2df02-6af3-4c14-aa40-f5bccc776d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABnAEEATwBBAEEAegBBAEQAVQBBAE8AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABjAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1690 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86d2df02-6af3-4c14-aa40-f5bccc776d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABnAEEATwBBAEEAegBBAEQAVQBBAE8AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABjAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1689 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86d2df02-6af3-4c14-aa40-f5bccc776d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABnAEEATwBBAEEAegBBAEQAVQBBAE8AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABjAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1688 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86d2df02-6af3-4c14-aa40-f5bccc776d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABnAEEATwBBAEEAegBBAEQAVQBBAE8AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABjAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1687 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86d2df02-6af3-4c14-aa40-f5bccc776d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABnAEEATwBBAEEAegBBAEQAVQBBAE8AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABjAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1686 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=86d2df02-6af3-4c14-aa40-f5bccc776d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBnAEEAdQBBAEQAawBBAE4AdwBBAHQAQQBEAEUAQQBNAFEAQQB5AEEARABnAEEATwBBAEEAegBBAEQAVQBBAE8AUQBBADAAQQBEAEEAQQBPAFEAQQB5AEEARABjAEEATQBnAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1685 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37220c53-e2ff-4f0b-8fff-bcd833a92282
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=77eb5570-d9e6-4ccb-a890-5d154dd2d6f6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1684 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c09a0ff1-3ef6-4eee-845a-6244cc2d884c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=770c9f48-38d1-40da-a66d-ced2b1520f38
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1683 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c09a0ff1-3ef6-4eee-845a-6244cc2d884c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1682 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c09a0ff1-3ef6-4eee-845a-6244cc2d884c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1681 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c09a0ff1-3ef6-4eee-845a-6244cc2d884c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1680 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c09a0ff1-3ef6-4eee-845a-6244cc2d884c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1679 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c09a0ff1-3ef6-4eee-845a-6244cc2d884c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1678 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c09a0ff1-3ef6-4eee-845a-6244cc2d884c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1677 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c09a0ff1-3ef6-4eee-845a-6244cc2d884c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1676 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c09a0ff1-3ef6-4eee-845a-6244cc2d884c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1675 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37220c53-e2ff-4f0b-8fff-bcd833a92282
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=77eb5570-d9e6-4ccb-a890-5d154dd2d6f6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1674 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37220c53-e2ff-4f0b-8fff-bcd833a92282
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1673 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37220c53-e2ff-4f0b-8fff-bcd833a92282
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1672 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37220c53-e2ff-4f0b-8fff-bcd833a92282
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1671 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37220c53-e2ff-4f0b-8fff-bcd833a92282
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1670 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37220c53-e2ff-4f0b-8fff-bcd833a92282
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1669 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37220c53-e2ff-4f0b-8fff-bcd833a92282
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1668 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=880e622c-eb32-45a4-95ac-98f83e4c2651
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=61d124ae-6f18-43a7-ae54-41fea9d8bb73
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1667 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=880e622c-eb32-45a4-95ac-98f83e4c2651
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=61d124ae-6f18-43a7-ae54-41fea9d8bb73
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1666 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=880e622c-eb32-45a4-95ac-98f83e4c2651
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1665 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=880e622c-eb32-45a4-95ac-98f83e4c2651
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1664 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=880e622c-eb32-45a4-95ac-98f83e4c2651
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1663 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=880e622c-eb32-45a4-95ac-98f83e4c2651
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1662 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=880e622c-eb32-45a4-95ac-98f83e4c2651
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1661 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=880e622c-eb32-45a4-95ac-98f83e4c2651
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAzADIAMgAuADkANwAtADEAMQAyADgAOAAzADUAOQA0ADAAOQAyADcAMgAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1660 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112f4e52-f9b7-4e1c-bc4c-d233010765e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAE0AQQBNAGcAQQB5AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBPAEEAQQA0AEEARABNAEEATgBRAEEANQBBAEQAUQBBAE0AQQBBADUAQQBEAEkAQQBOAHcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=b5a34f20-cfa3-439c-8fd7-6fddb3c73bd2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1659 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc862e90-0d92-4b9f-be81-7dd2e6f73e89
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADMAMgAyAC4AOQA3AC0AMQAxADIAOAA4ADMANQA5ADQAMAA5ADIANwAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4b425647-8a67-412f-8588-16152f961a6b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1658 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc862e90-0d92-4b9f-be81-7dd2e6f73e89
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADMAMgAyAC4AOQA3AC0AMQAxADIAOAA4ADMANQA5ADQAMAA5ADIANwAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4b425647-8a67-412f-8588-16152f961a6b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1657 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc862e90-0d92-4b9f-be81-7dd2e6f73e89
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADMAMgAyAC4AOQA3AC0AMQAxADIAOAA4ADMANQA5ADQAMAA5ADIANwAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1656 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc862e90-0d92-4b9f-be81-7dd2e6f73e89
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADMAMgAyAC4AOQA3AC0AMQAxADIAOAA4ADMANQA5ADQAMAA5ADIANwAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1655 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc862e90-0d92-4b9f-be81-7dd2e6f73e89
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADMAMgAyAC4AOQA3AC0AMQAxADIAOAA4ADMANQA5ADQAMAA5ADIANwAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1654 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc862e90-0d92-4b9f-be81-7dd2e6f73e89
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADMAMgAyAC4AOQA3AC0AMQAxADIAOAA4ADMANQA5ADQAMAA5ADIANwAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1653 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc862e90-0d92-4b9f-be81-7dd2e6f73e89
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADMAMgAyAC4AOQA3AC0AMQAxADIAOAA4ADMANQA5ADQAMAA5ADIANwAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1652 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc862e90-0d92-4b9f-be81-7dd2e6f73e89
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADMAMgAyAC4AOQA3AC0AMQAxADIAOAA4ADMANQA5ADQAMAA5ADIANwAyADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1651 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112f4e52-f9b7-4e1c-bc4c-d233010765e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAE0AQQBNAGcAQQB5AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBPAEEAQQA0AEEARABNAEEATgBRAEEANQBBAEQAUQBBAE0AQQBBADUAQQBEAEkAQQBOAHcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=b5a34f20-cfa3-439c-8fd7-6fddb3c73bd2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1650 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112f4e52-f9b7-4e1c-bc4c-d233010765e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAE0AQQBNAGcAQQB5AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBPAEEAQQA0AEEARABNAEEATgBRAEEANQBBAEQAUQBBAE0AQQBBADUAQQBEAEkAQQBOAHcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1649 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112f4e52-f9b7-4e1c-bc4c-d233010765e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAE0AQQBNAGcAQQB5AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBPAEEAQQA0AEEARABNAEEATgBRAEEANQBBAEQAUQBBAE0AQQBBADUAQQBEAEkAQQBOAHcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1648 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112f4e52-f9b7-4e1c-bc4c-d233010765e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAE0AQQBNAGcAQQB5AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBPAEEAQQA0AEEARABNAEEATgBRAEEANQBBAEQAUQBBAE0AQQBBADUAQQBEAEkAQQBOAHcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1647 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112f4e52-f9b7-4e1c-bc4c-d233010765e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAE0AQQBNAGcAQQB5AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBPAEEAQQA0AEEARABNAEEATgBRAEEANQBBAEQAUQBBAE0AQQBBADUAQQBEAEkAQQBOAHcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1646 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112f4e52-f9b7-4e1c-bc4c-d233010765e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAE0AQQBNAGcAQQB5AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBPAEEAQQA0AEEARABNAEEATgBRAEEANQBBAEQAUQBBAE0AQQBBADUAQQBEAEkAQQBOAHcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1645 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112f4e52-f9b7-4e1c-bc4c-d233010765e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAE0AQQBNAGcAQQB5AEEAQwA0AEEATwBRAEEAMwBBAEMAMABBAE0AUQBBAHgAQQBEAEkAQQBPAEEAQQA0AEEARABNAEEATgBRAEEANQBBAEQAUQBBAE0AQQBBADUAQQBEAEkAQQBOAHcAQQB5AEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1644 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2eaa3fb-6ce3-4484-965a-63326bdc4988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=26f03545-7070-4607-a46e-20252fc7ea74
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1643 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8e54377a-4ad5-46bb-ad45-fd8f744b1dc8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=39dcb534-dcd2-4d9f-a927-fdd42369e90c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1642 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8e54377a-4ad5-46bb-ad45-fd8f744b1dc8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1641 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8e54377a-4ad5-46bb-ad45-fd8f744b1dc8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1640 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8e54377a-4ad5-46bb-ad45-fd8f744b1dc8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1639 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8e54377a-4ad5-46bb-ad45-fd8f744b1dc8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1638 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8e54377a-4ad5-46bb-ad45-fd8f744b1dc8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1637 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8e54377a-4ad5-46bb-ad45-fd8f744b1dc8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1636 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8e54377a-4ad5-46bb-ad45-fd8f744b1dc8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1635 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8e54377a-4ad5-46bb-ad45-fd8f744b1dc8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1634 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2eaa3fb-6ce3-4484-965a-63326bdc4988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=26f03545-7070-4607-a46e-20252fc7ea74
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1633 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2eaa3fb-6ce3-4484-965a-63326bdc4988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1632 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2eaa3fb-6ce3-4484-965a-63326bdc4988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1631 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2eaa3fb-6ce3-4484-965a-63326bdc4988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1630 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2eaa3fb-6ce3-4484-965a-63326bdc4988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1629 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2eaa3fb-6ce3-4484-965a-63326bdc4988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1628 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2eaa3fb-6ce3-4484-965a-63326bdc4988
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1627 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bec01398-f18c-4e91-a016-70728a1acfef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b07d6aa-84e8-49e3-b5a1-c253fd0faf68
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1626 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecdf724f-cff5-45b0-8e55-1aeacc017785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=56cbd0a2-5d8a-47b5-8467-55ec8e1d8eb6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1625 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecdf724f-cff5-45b0-8e55-1aeacc017785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1624 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecdf724f-cff5-45b0-8e55-1aeacc017785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1623 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecdf724f-cff5-45b0-8e55-1aeacc017785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1622 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecdf724f-cff5-45b0-8e55-1aeacc017785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1621 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecdf724f-cff5-45b0-8e55-1aeacc017785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1620 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecdf724f-cff5-45b0-8e55-1aeacc017785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1619 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecdf724f-cff5-45b0-8e55-1aeacc017785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1618 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ecdf724f-cff5-45b0-8e55-1aeacc017785
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1617 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bec01398-f18c-4e91-a016-70728a1acfef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b07d6aa-84e8-49e3-b5a1-c253fd0faf68
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1616 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bec01398-f18c-4e91-a016-70728a1acfef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1615 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bec01398-f18c-4e91-a016-70728a1acfef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1614 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bec01398-f18c-4e91-a016-70728a1acfef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1613 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bec01398-f18c-4e91-a016-70728a1acfef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1612 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bec01398-f18c-4e91-a016-70728a1acfef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1611 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bec01398-f18c-4e91-a016-70728a1acfef
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1610 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec159eab-5130-4c80-a81b-20c62a7e917d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d76ebe53-4e42-4988-9f3d-41b99b97252d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1609 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:15:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41c2e9f8-4247-49a9-9822-3ded0fa02ae0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=578fe3e5-957b-4578-94e1-40278ec5e1ed
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1608 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41c2e9f8-4247-49a9-9822-3ded0fa02ae0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=578fe3e5-957b-4578-94e1-40278ec5e1ed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1607 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41c2e9f8-4247-49a9-9822-3ded0fa02ae0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1606 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41c2e9f8-4247-49a9-9822-3ded0fa02ae0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1605 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41c2e9f8-4247-49a9-9822-3ded0fa02ae0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1604 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41c2e9f8-4247-49a9-9822-3ded0fa02ae0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1603 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41c2e9f8-4247-49a9-9822-3ded0fa02ae0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1602 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41c2e9f8-4247-49a9-9822-3ded0fa02ae0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1601 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41c2e9f8-4247-49a9-9822-3ded0fa02ae0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1600 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=41c2e9f8-4247-49a9-9822-3ded0fa02ae0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1599 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec159eab-5130-4c80-a81b-20c62a7e917d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d76ebe53-4e42-4988-9f3d-41b99b97252d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1598 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec159eab-5130-4c80-a81b-20c62a7e917d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1597 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec159eab-5130-4c80-a81b-20c62a7e917d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1596 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec159eab-5130-4c80-a81b-20c62a7e917d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1595 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec159eab-5130-4c80-a81b-20c62a7e917d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1594 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec159eab-5130-4c80-a81b-20c62a7e917d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1593 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ec159eab-5130-4c80-a81b-20c62a7e917d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1592 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf97e436-cc1b-432a-b983-93515b35fed6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3dd708f7-3f3f-4d7a-ac42-9b941fe5b284
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1591 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be09096-d425-4e2d-aad4-4af9afd8dfb9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f0d36972-55d8-41d9-8e9c-ba91b368d10d
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1590 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be09096-d425-4e2d-aad4-4af9afd8dfb9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f0d36972-55d8-41d9-8e9c-ba91b368d10d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1589 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be09096-d425-4e2d-aad4-4af9afd8dfb9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1588 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be09096-d425-4e2d-aad4-4af9afd8dfb9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1587 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be09096-d425-4e2d-aad4-4af9afd8dfb9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1586 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be09096-d425-4e2d-aad4-4af9afd8dfb9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1585 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be09096-d425-4e2d-aad4-4af9afd8dfb9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1584 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be09096-d425-4e2d-aad4-4af9afd8dfb9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1583 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be09096-d425-4e2d-aad4-4af9afd8dfb9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1582 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be09096-d425-4e2d-aad4-4af9afd8dfb9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1581 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf97e436-cc1b-432a-b983-93515b35fed6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3dd708f7-3f3f-4d7a-ac42-9b941fe5b284
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1580 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf97e436-cc1b-432a-b983-93515b35fed6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1579 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf97e436-cc1b-432a-b983-93515b35fed6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1578 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf97e436-cc1b-432a-b983-93515b35fed6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1577 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf97e436-cc1b-432a-b983-93515b35fed6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1576 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf97e436-cc1b-432a-b983-93515b35fed6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1575 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cf97e436-cc1b-432a-b983-93515b35fed6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1574 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fab7d3-931a-45a8-80f1-f41ab9065dee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b111d65d-6a9c-4e5b-9248-5a4577809bcd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1573 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4773defd-030e-482d-bd67-92490a9e4e76
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0cba385e-fb2a-4ef5-8ecf-62eb9ff84d9c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1572 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4773defd-030e-482d-bd67-92490a9e4e76
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1571 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4773defd-030e-482d-bd67-92490a9e4e76
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1570 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4773defd-030e-482d-bd67-92490a9e4e76
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1569 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4773defd-030e-482d-bd67-92490a9e4e76
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1568 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4773defd-030e-482d-bd67-92490a9e4e76
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1567 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4773defd-030e-482d-bd67-92490a9e4e76
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1566 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4773defd-030e-482d-bd67-92490a9e4e76
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1565 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4773defd-030e-482d-bd67-92490a9e4e76
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1564 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fab7d3-931a-45a8-80f1-f41ab9065dee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b111d65d-6a9c-4e5b-9248-5a4577809bcd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1563 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fab7d3-931a-45a8-80f1-f41ab9065dee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1562 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fab7d3-931a-45a8-80f1-f41ab9065dee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1561 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fab7d3-931a-45a8-80f1-f41ab9065dee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1560 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fab7d3-931a-45a8-80f1-f41ab9065dee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1559 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fab7d3-931a-45a8-80f1-f41ab9065dee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1558 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f9fab7d3-931a-45a8-80f1-f41ab9065dee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1557 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=deea821a-1b9c-4651-8ef9-b987d8791a3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cd76f09d-bc2e-4fe5-9677-a4556765418d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1556 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c52e89fd-a5fb-49b5-9591-b3c67c1d9e53
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=824ff31a-5a13-4d56-8491-66e042b231e5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1555 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c52e89fd-a5fb-49b5-9591-b3c67c1d9e53
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=824ff31a-5a13-4d56-8491-66e042b231e5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1554 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c52e89fd-a5fb-49b5-9591-b3c67c1d9e53
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1553 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c52e89fd-a5fb-49b5-9591-b3c67c1d9e53
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1552 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c52e89fd-a5fb-49b5-9591-b3c67c1d9e53
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1551 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c52e89fd-a5fb-49b5-9591-b3c67c1d9e53
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1550 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c52e89fd-a5fb-49b5-9591-b3c67c1d9e53
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1549 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c52e89fd-a5fb-49b5-9591-b3c67c1d9e53
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1548 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03adbd7b-3a0f-45dc-95dd-8476d0a6e203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=14b4a8bb-11cc-4c80-917a-d7e758200cbe
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1547 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03adbd7b-3a0f-45dc-95dd-8476d0a6e203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=14b4a8bb-11cc-4c80-917a-d7e758200cbe
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1546 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03adbd7b-3a0f-45dc-95dd-8476d0a6e203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1545 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03adbd7b-3a0f-45dc-95dd-8476d0a6e203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1544 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03adbd7b-3a0f-45dc-95dd-8476d0a6e203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1543 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03adbd7b-3a0f-45dc-95dd-8476d0a6e203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1542 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03adbd7b-3a0f-45dc-95dd-8476d0a6e203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1541 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03adbd7b-3a0f-45dc-95dd-8476d0a6e203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1540 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03adbd7b-3a0f-45dc-95dd-8476d0a6e203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1539 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=03adbd7b-3a0f-45dc-95dd-8476d0a6e203
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1538 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=deea821a-1b9c-4651-8ef9-b987d8791a3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cd76f09d-bc2e-4fe5-9677-a4556765418d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1537 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=deea821a-1b9c-4651-8ef9-b987d8791a3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1536 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=deea821a-1b9c-4651-8ef9-b987d8791a3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1535 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=deea821a-1b9c-4651-8ef9-b987d8791a3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1534 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=deea821a-1b9c-4651-8ef9-b987d8791a3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1533 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=deea821a-1b9c-4651-8ef9-b987d8791a3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1532 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=deea821a-1b9c-4651-8ef9-b987d8791a3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1531 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=329402b5-1b5d-49e1-b09c-eb8bd14a5f00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f184b02b-5080-4396-95e9-585b74fcf217
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1530 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c16cd780-cb1e-46fe-a33c-057fc382b20f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=62ae951c-d857-43f0-abba-7bb8a23946d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1529 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c16cd780-cb1e-46fe-a33c-057fc382b20f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=62ae951c-d857-43f0-abba-7bb8a23946d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1528 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c16cd780-cb1e-46fe-a33c-057fc382b20f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1527 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c16cd780-cb1e-46fe-a33c-057fc382b20f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1526 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c16cd780-cb1e-46fe-a33c-057fc382b20f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1525 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c16cd780-cb1e-46fe-a33c-057fc382b20f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1524 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c16cd780-cb1e-46fe-a33c-057fc382b20f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1523 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c16cd780-cb1e-46fe-a33c-057fc382b20f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1522 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2df51e-80f6-495e-ad33-b8d947deaf82
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ce85ab04-b6d2-4092-8e58-0cc82f9ac2c3
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1521 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2df51e-80f6-495e-ad33-b8d947deaf82
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ce85ab04-b6d2-4092-8e58-0cc82f9ac2c3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1520 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2df51e-80f6-495e-ad33-b8d947deaf82
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1519 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2df51e-80f6-495e-ad33-b8d947deaf82
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1518 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2df51e-80f6-495e-ad33-b8d947deaf82
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1517 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2df51e-80f6-495e-ad33-b8d947deaf82
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1516 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2df51e-80f6-495e-ad33-b8d947deaf82
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1515 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2df51e-80f6-495e-ad33-b8d947deaf82
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1514 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2df51e-80f6-495e-ad33-b8d947deaf82
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1513 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fc2df51e-80f6-495e-ad33-b8d947deaf82
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1512 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=329402b5-1b5d-49e1-b09c-eb8bd14a5f00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f184b02b-5080-4396-95e9-585b74fcf217
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1511 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=329402b5-1b5d-49e1-b09c-eb8bd14a5f00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1510 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=329402b5-1b5d-49e1-b09c-eb8bd14a5f00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1509 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=329402b5-1b5d-49e1-b09c-eb8bd14a5f00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1508 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=329402b5-1b5d-49e1-b09c-eb8bd14a5f00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1507 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=329402b5-1b5d-49e1-b09c-eb8bd14a5f00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1506 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=329402b5-1b5d-49e1-b09c-eb8bd14a5f00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1505 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92809ed0-24ed-4061-a727-f3067258304f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b644073d-13ae-4eee-85e3-384000828e04
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1504 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5879f357-7e89-4c80-a65e-18aea7d195f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1c93dfb7-01c1-464c-98a9-c7aab5a1ec6c
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1503 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5879f357-7e89-4c80-a65e-18aea7d195f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1c93dfb7-01c1-464c-98a9-c7aab5a1ec6c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1502 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5879f357-7e89-4c80-a65e-18aea7d195f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1501 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5879f357-7e89-4c80-a65e-18aea7d195f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1500 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5879f357-7e89-4c80-a65e-18aea7d195f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1499 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5879f357-7e89-4c80-a65e-18aea7d195f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1498 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5879f357-7e89-4c80-a65e-18aea7d195f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1497 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5879f357-7e89-4c80-a65e-18aea7d195f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1496 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5879f357-7e89-4c80-a65e-18aea7d195f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1495 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5879f357-7e89-4c80-a65e-18aea7d195f6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1494 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92809ed0-24ed-4061-a727-f3067258304f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b644073d-13ae-4eee-85e3-384000828e04
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1493 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92809ed0-24ed-4061-a727-f3067258304f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1492 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92809ed0-24ed-4061-a727-f3067258304f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1491 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92809ed0-24ed-4061-a727-f3067258304f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1490 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92809ed0-24ed-4061-a727-f3067258304f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1489 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92809ed0-24ed-4061-a727-f3067258304f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1488 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92809ed0-24ed-4061-a727-f3067258304f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1487 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8888a97f-c792-4490-96dd-d4743da43861
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0c40f0d8-8e61-4113-9934-bc33169ae638
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1486 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8572bd77-3c75-4d57-b3a0-573f53cf57df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f5827076-2878-406e-8de3-f1504dff3eb4
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1485 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8572bd77-3c75-4d57-b3a0-573f53cf57df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f5827076-2878-406e-8de3-f1504dff3eb4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1484 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8572bd77-3c75-4d57-b3a0-573f53cf57df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1483 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8572bd77-3c75-4d57-b3a0-573f53cf57df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1482 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8572bd77-3c75-4d57-b3a0-573f53cf57df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1481 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8572bd77-3c75-4d57-b3a0-573f53cf57df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1480 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8572bd77-3c75-4d57-b3a0-573f53cf57df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1479 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8572bd77-3c75-4d57-b3a0-573f53cf57df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1478 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8572bd77-3c75-4d57-b3a0-573f53cf57df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1477 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8572bd77-3c75-4d57-b3a0-573f53cf57df
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1476 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8888a97f-c792-4490-96dd-d4743da43861
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0c40f0d8-8e61-4113-9934-bc33169ae638
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1475 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8888a97f-c792-4490-96dd-d4743da43861
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1474 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8888a97f-c792-4490-96dd-d4743da43861
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1473 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8888a97f-c792-4490-96dd-d4743da43861
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1472 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8888a97f-c792-4490-96dd-d4743da43861
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1471 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8888a97f-c792-4490-96dd-d4743da43861
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1470 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8888a97f-c792-4490-96dd-d4743da43861
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1469 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba58ded3-55a3-446d-b0fb-be74968ac35b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b3125380-11f6-488c-a7ec-cd050cb43d58
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1468 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f66f809-d21a-43da-9e99-97c4c4cfe76e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7d36cb3f-2548-476d-8493-b29ae7032ab4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1467 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f66f809-d21a-43da-9e99-97c4c4cfe76e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1466 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f66f809-d21a-43da-9e99-97c4c4cfe76e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1465 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f66f809-d21a-43da-9e99-97c4c4cfe76e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1464 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f66f809-d21a-43da-9e99-97c4c4cfe76e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1463 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f66f809-d21a-43da-9e99-97c4c4cfe76e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1462 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f66f809-d21a-43da-9e99-97c4c4cfe76e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1461 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f66f809-d21a-43da-9e99-97c4c4cfe76e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1460 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2f66f809-d21a-43da-9e99-97c4c4cfe76e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1459 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba58ded3-55a3-446d-b0fb-be74968ac35b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b3125380-11f6-488c-a7ec-cd050cb43d58
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1458 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba58ded3-55a3-446d-b0fb-be74968ac35b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1457 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba58ded3-55a3-446d-b0fb-be74968ac35b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1456 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba58ded3-55a3-446d-b0fb-be74968ac35b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1455 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba58ded3-55a3-446d-b0fb-be74968ac35b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1454 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba58ded3-55a3-446d-b0fb-be74968ac35b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1453 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba58ded3-55a3-446d-b0fb-be74968ac35b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1452 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=307935f0-68a4-42cf-b039-e09898a937e0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9fa03d13-bf01-420a-b77d-7a4df4243958
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1451 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c9dcf9f5-132e-4e65-9b3b-d563ce9079b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=5.1.14393.1944
RunspaceId=14206d5d-f839-454d-b0b3-b37487e31eec
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1450 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c9dcf9f5-132e-4e65-9b3b-d563ce9079b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=5.1.14393.1944
RunspaceId=14206d5d-f839-454d-b0b3-b37487e31eec
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1449 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c9dcf9f5-132e-4e65-9b3b-d563ce9079b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1448 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c9dcf9f5-132e-4e65-9b3b-d563ce9079b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1447 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c9dcf9f5-132e-4e65-9b3b-d563ce9079b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1446 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c9dcf9f5-132e-4e65-9b3b-d563ce9079b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1445 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c9dcf9f5-132e-4e65-9b3b-d563ce9079b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1444 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c9dcf9f5-132e-4e65-9b3b-d563ce9079b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1443 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=127f71b3-6c0e-46c6-b886-3686d62f6161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c939b25b-fea5-4260-a287-45c0e24df791
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1442 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=127f71b3-6c0e-46c6-b886-3686d62f6161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c939b25b-fea5-4260-a287-45c0e24df791
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1441 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=127f71b3-6c0e-46c6-b886-3686d62f6161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1440 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=127f71b3-6c0e-46c6-b886-3686d62f6161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1439 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=127f71b3-6c0e-46c6-b886-3686d62f6161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1438 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=127f71b3-6c0e-46c6-b886-3686d62f6161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1437 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=127f71b3-6c0e-46c6-b886-3686d62f6161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1436 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=127f71b3-6c0e-46c6-b886-3686d62f6161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1435 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=127f71b3-6c0e-46c6-b886-3686d62f6161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1434 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=127f71b3-6c0e-46c6-b886-3686d62f6161
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1433 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=307935f0-68a4-42cf-b039-e09898a937e0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9fa03d13-bf01-420a-b77d-7a4df4243958
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1432 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=307935f0-68a4-42cf-b039-e09898a937e0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1431 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=307935f0-68a4-42cf-b039-e09898a937e0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1430 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=307935f0-68a4-42cf-b039-e09898a937e0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1429 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=307935f0-68a4-42cf-b039-e09898a937e0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1428 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=307935f0-68a4-42cf-b039-e09898a937e0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1427 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=307935f0-68a4-42cf-b039-e09898a937e0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1426 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35bd14dc-1076-4dc0-af16-3feb3ee56feb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7bf253f8-2430-4888-9b17-41736b75dd87
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1425 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7eb7d767-8b49-45c4-a66a-e84d4520d781
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7357eb3b-a7c0-412d-b7dd-bf27fdc5c421
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1424 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7eb7d767-8b49-45c4-a66a-e84d4520d781
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7357eb3b-a7c0-412d-b7dd-bf27fdc5c421
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1423 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7eb7d767-8b49-45c4-a66a-e84d4520d781
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1422 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7eb7d767-8b49-45c4-a66a-e84d4520d781
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1421 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7eb7d767-8b49-45c4-a66a-e84d4520d781
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1420 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7eb7d767-8b49-45c4-a66a-e84d4520d781
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1419 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7eb7d767-8b49-45c4-a66a-e84d4520d781
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1418 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7eb7d767-8b49-45c4-a66a-e84d4520d781
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1417 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7eb7d767-8b49-45c4-a66a-e84d4520d781
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1416 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7eb7d767-8b49-45c4-a66a-e84d4520d781
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1415 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35bd14dc-1076-4dc0-af16-3feb3ee56feb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7bf253f8-2430-4888-9b17-41736b75dd87
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1414 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35bd14dc-1076-4dc0-af16-3feb3ee56feb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1413 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35bd14dc-1076-4dc0-af16-3feb3ee56feb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1412 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35bd14dc-1076-4dc0-af16-3feb3ee56feb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1411 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35bd14dc-1076-4dc0-af16-3feb3ee56feb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1410 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35bd14dc-1076-4dc0-af16-3feb3ee56feb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1409 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35bd14dc-1076-4dc0-af16-3feb3ee56feb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1408 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e6e85ac-ccf1-4310-864b-f8e7a671baa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68f7fb94-47fc-492e-8f34-72fbc1431114
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1407 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4c8ac0b-7afc-4455-b728-4dc6368f9119
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1c708646-153c-4359-a7ac-cb56198738bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1406 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4c8ac0b-7afc-4455-b728-4dc6368f9119
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1405 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4c8ac0b-7afc-4455-b728-4dc6368f9119
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1404 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4c8ac0b-7afc-4455-b728-4dc6368f9119
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1403 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4c8ac0b-7afc-4455-b728-4dc6368f9119
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1402 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4c8ac0b-7afc-4455-b728-4dc6368f9119
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1401 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4c8ac0b-7afc-4455-b728-4dc6368f9119
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1400 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4c8ac0b-7afc-4455-b728-4dc6368f9119
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1399 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4c8ac0b-7afc-4455-b728-4dc6368f9119
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1398 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e6e85ac-ccf1-4310-864b-f8e7a671baa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68f7fb94-47fc-492e-8f34-72fbc1431114
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1397 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e6e85ac-ccf1-4310-864b-f8e7a671baa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1396 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e6e85ac-ccf1-4310-864b-f8e7a671baa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1395 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e6e85ac-ccf1-4310-864b-f8e7a671baa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1394 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e6e85ac-ccf1-4310-864b-f8e7a671baa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1393 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e6e85ac-ccf1-4310-864b-f8e7a671baa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1392 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5e6e85ac-ccf1-4310-864b-f8e7a671baa4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1391 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f0e5512-ddd8-4816-b028-fee5e3cecec3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3133a62f-3966-4e50-beb2-4cad0fde4aea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1390 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7250e974-8100-4fae-a7a7-081adf2e262b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=5.1.14393.1944
RunspaceId=78053eb1-0102-42bc-ad46-c36fe61edb54
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1389 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7250e974-8100-4fae-a7a7-081adf2e262b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=5.1.14393.1944
RunspaceId=78053eb1-0102-42bc-ad46-c36fe61edb54
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1388 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7250e974-8100-4fae-a7a7-081adf2e262b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1387 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7250e974-8100-4fae-a7a7-081adf2e262b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1386 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7250e974-8100-4fae-a7a7-081adf2e262b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1385 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7250e974-8100-4fae-a7a7-081adf2e262b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1384 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7250e974-8100-4fae-a7a7-081adf2e262b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1383 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7250e974-8100-4fae-a7a7-081adf2e262b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1382 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c370d3ad-9814-4a54-aa68-1492f72a5e15
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d2cb3882-9805-4602-bc9f-6636a6f0b73a
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1381 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c370d3ad-9814-4a54-aa68-1492f72a5e15
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d2cb3882-9805-4602-bc9f-6636a6f0b73a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1380 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c370d3ad-9814-4a54-aa68-1492f72a5e15
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1379 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c370d3ad-9814-4a54-aa68-1492f72a5e15
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1378 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c370d3ad-9814-4a54-aa68-1492f72a5e15
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1377 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c370d3ad-9814-4a54-aa68-1492f72a5e15
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1376 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c370d3ad-9814-4a54-aa68-1492f72a5e15
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1375 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c370d3ad-9814-4a54-aa68-1492f72a5e15
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1374 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c370d3ad-9814-4a54-aa68-1492f72a5e15
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1373 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c370d3ad-9814-4a54-aa68-1492f72a5e15
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1372 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f0e5512-ddd8-4816-b028-fee5e3cecec3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3133a62f-3966-4e50-beb2-4cad0fde4aea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1371 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f0e5512-ddd8-4816-b028-fee5e3cecec3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1370 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f0e5512-ddd8-4816-b028-fee5e3cecec3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1369 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f0e5512-ddd8-4816-b028-fee5e3cecec3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1368 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f0e5512-ddd8-4816-b028-fee5e3cecec3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1367 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f0e5512-ddd8-4816-b028-fee5e3cecec3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1366 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f0e5512-ddd8-4816-b028-fee5e3cecec3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1365 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a004be3d-55ed-4074-bc78-7ff2239d8f90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6af03070-07bb-4697-bf6a-d382e80cb6fc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1364 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0426e9f0-fdfb-4085-aa28-6765bf6adf28
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=eb68501b-ce83-423f-b7cd-af40a0f45c64
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1363 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0426e9f0-fdfb-4085-aa28-6765bf6adf28
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1362 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0426e9f0-fdfb-4085-aa28-6765bf6adf28
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1361 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0426e9f0-fdfb-4085-aa28-6765bf6adf28
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1360 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0426e9f0-fdfb-4085-aa28-6765bf6adf28
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1359 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0426e9f0-fdfb-4085-aa28-6765bf6adf28
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1358 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0426e9f0-fdfb-4085-aa28-6765bf6adf28
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1357 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0426e9f0-fdfb-4085-aa28-6765bf6adf28
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1356 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0426e9f0-fdfb-4085-aa28-6765bf6adf28
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1355 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a004be3d-55ed-4074-bc78-7ff2239d8f90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6af03070-07bb-4697-bf6a-d382e80cb6fc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1354 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a004be3d-55ed-4074-bc78-7ff2239d8f90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1353 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a004be3d-55ed-4074-bc78-7ff2239d8f90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1352 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a004be3d-55ed-4074-bc78-7ff2239d8f90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1351 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a004be3d-55ed-4074-bc78-7ff2239d8f90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1350 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a004be3d-55ed-4074-bc78-7ff2239d8f90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1349 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a004be3d-55ed-4074-bc78-7ff2239d8f90
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1348 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2de5939-f1cc-401d-b9aa-769796b91b7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2893eaa3-71ea-45ac-8fe5-5d386d8699a1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1347 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:13:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de936f1d-0c98-40e1-87bb-84301f9a9732
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=5.1.14393.1944
RunspaceId=b08daf59-0652-45c0-a7c6-abb460cb897f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1346 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de936f1d-0c98-40e1-87bb-84301f9a9732
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=5.1.14393.1944
RunspaceId=b08daf59-0652-45c0-a7c6-abb460cb897f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1345 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de936f1d-0c98-40e1-87bb-84301f9a9732
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1344 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de936f1d-0c98-40e1-87bb-84301f9a9732
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1343 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de936f1d-0c98-40e1-87bb-84301f9a9732
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1342 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de936f1d-0c98-40e1-87bb-84301f9a9732
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1341 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de936f1d-0c98-40e1-87bb-84301f9a9732
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1340 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de936f1d-0c98-40e1-87bb-84301f9a9732
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1339 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a92c9eed-cd9b-40f8-9623-fad764249d3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=185a1dce-e205-48fb-a84c-74a478981f3f
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1338 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a92c9eed-cd9b-40f8-9623-fad764249d3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=185a1dce-e205-48fb-a84c-74a478981f3f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1337 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a92c9eed-cd9b-40f8-9623-fad764249d3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1336 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a92c9eed-cd9b-40f8-9623-fad764249d3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1335 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a92c9eed-cd9b-40f8-9623-fad764249d3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1334 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a92c9eed-cd9b-40f8-9623-fad764249d3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1333 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a92c9eed-cd9b-40f8-9623-fad764249d3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1332 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a92c9eed-cd9b-40f8-9623-fad764249d3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1331 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a92c9eed-cd9b-40f8-9623-fad764249d3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1330 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a92c9eed-cd9b-40f8-9623-fad764249d3f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1329 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2de5939-f1cc-401d-b9aa-769796b91b7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2893eaa3-71ea-45ac-8fe5-5d386d8699a1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1328 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2de5939-f1cc-401d-b9aa-769796b91b7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1327 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2de5939-f1cc-401d-b9aa-769796b91b7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1326 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2de5939-f1cc-401d-b9aa-769796b91b7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1325 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2de5939-f1cc-401d-b9aa-769796b91b7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1324 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2de5939-f1cc-401d-b9aa-769796b91b7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1323 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2de5939-f1cc-401d-b9aa-769796b91b7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1322 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a12cb35d-7ebc-4b4f-847c-83df19f017cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f404d15e-79e2-4eee-b3ff-e3ff6abbb7cf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1321 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6aabc06e-0563-42d7-bffe-4ca0d76c7de6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7461a552-ab6e-495f-8384-2512c61379b8
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1320 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6aabc06e-0563-42d7-bffe-4ca0d76c7de6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7461a552-ab6e-495f-8384-2512c61379b8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1319 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6aabc06e-0563-42d7-bffe-4ca0d76c7de6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1318 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6aabc06e-0563-42d7-bffe-4ca0d76c7de6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1317 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6aabc06e-0563-42d7-bffe-4ca0d76c7de6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1316 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6aabc06e-0563-42d7-bffe-4ca0d76c7de6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1315 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6aabc06e-0563-42d7-bffe-4ca0d76c7de6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1314 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6aabc06e-0563-42d7-bffe-4ca0d76c7de6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1313 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6aabc06e-0563-42d7-bffe-4ca0d76c7de6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1312 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6aabc06e-0563-42d7-bffe-4ca0d76c7de6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1311 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a12cb35d-7ebc-4b4f-847c-83df19f017cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f404d15e-79e2-4eee-b3ff-e3ff6abbb7cf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1310 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a12cb35d-7ebc-4b4f-847c-83df19f017cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1309 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a12cb35d-7ebc-4b4f-847c-83df19f017cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1308 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a12cb35d-7ebc-4b4f-847c-83df19f017cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1307 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a12cb35d-7ebc-4b4f-847c-83df19f017cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1306 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a12cb35d-7ebc-4b4f-847c-83df19f017cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1305 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a12cb35d-7ebc-4b4f-847c-83df19f017cd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1304 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1a4aaf2-dd2d-403e-a960-a559567f65eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba058eef-fd4d-4381-9227-023395972a68
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1303 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bf41c80-1c2c-4d43-9e73-4ace5013a1dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=74ebbeab-cbdb-4fbe-9cbd-89b8734ba151
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1302 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bf41c80-1c2c-4d43-9e73-4ace5013a1dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1301 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bf41c80-1c2c-4d43-9e73-4ace5013a1dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1300 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bf41c80-1c2c-4d43-9e73-4ace5013a1dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1299 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bf41c80-1c2c-4d43-9e73-4ace5013a1dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1298 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bf41c80-1c2c-4d43-9e73-4ace5013a1dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1297 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bf41c80-1c2c-4d43-9e73-4ace5013a1dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1296 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bf41c80-1c2c-4d43-9e73-4ace5013a1dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1295 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3bf41c80-1c2c-4d43-9e73-4ace5013a1dd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1294 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1a4aaf2-dd2d-403e-a960-a559567f65eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba058eef-fd4d-4381-9227-023395972a68
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1293 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1a4aaf2-dd2d-403e-a960-a559567f65eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1292 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1a4aaf2-dd2d-403e-a960-a559567f65eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1291 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1a4aaf2-dd2d-403e-a960-a559567f65eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1290 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1a4aaf2-dd2d-403e-a960-a559567f65eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1289 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1a4aaf2-dd2d-403e-a960-a559567f65eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1288 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f1a4aaf2-dd2d-403e-a960-a559567f65eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1287 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f60802d5-9834-4b98-9276-a7abe6844b60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABZAEEATgB3AEEANABBAEQARQBBAE0AQQBBAHkAQQBEAEUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=45431811-60a1-4e3f-a7bd-abb177931c82
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1286 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0571978a-5417-4549-915c-9d84c7efae2f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=431d4d88-f348-4b64-aed0-c0c90e3a0f6c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1285 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0571978a-5417-4549-915c-9d84c7efae2f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=431d4d88-f348-4b64-aed0-c0c90e3a0f6c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1284 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0571978a-5417-4549-915c-9d84c7efae2f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1283 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0571978a-5417-4549-915c-9d84c7efae2f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1282 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0571978a-5417-4549-915c-9d84c7efae2f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1281 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0571978a-5417-4549-915c-9d84c7efae2f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1280 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0571978a-5417-4549-915c-9d84c7efae2f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1279 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0571978a-5417-4549-915c-9d84c7efae2f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1278 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f60802d5-9834-4b98-9276-a7abe6844b60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABZAEEATgB3AEEANABBAEQARQBBAE0AQQBBAHkAQQBEAEUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=45431811-60a1-4e3f-a7bd-abb177931c82
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1277 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f60802d5-9834-4b98-9276-a7abe6844b60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABZAEEATgB3AEEANABBAEQARQBBAE0AQQBBAHkAQQBEAEUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1276 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f60802d5-9834-4b98-9276-a7abe6844b60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABZAEEATgB3AEEANABBAEQARQBBAE0AQQBBAHkAQQBEAEUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1275 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f60802d5-9834-4b98-9276-a7abe6844b60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABZAEEATgB3AEEANABBAEQARQBBAE0AQQBBAHkAQQBEAEUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1274 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f60802d5-9834-4b98-9276-a7abe6844b60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABZAEEATgB3AEEANABBAEQARQBBAE0AQQBBAHkAQQBEAEUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1273 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f60802d5-9834-4b98-9276-a7abe6844b60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABZAEEATgB3AEEANABBAEQARQBBAE0AQQBBAHkAQQBEAEUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1272 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f60802d5-9834-4b98-9276-a7abe6844b60
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABVAEEATgBBAEEAdQBBAEQARQBBAE8AQQBBAHQAQQBEAEUAQQBOAHcAQQA0AEEARABZAEEATgB3AEEANABBAEQARQBBAE0AQQBBAHkAQQBEAEUAQQBNAHcAQQB5AEEARABJAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1271 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46166015-7e9a-4e11-9588-1150904374af
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=33e95f94-a4e5-436f-8542-9a7ace952785
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1270 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aaea6cd2-c47a-4dcc-b360-792a1fe333b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d6adf4e3-896f-459a-9284-6b80ac155824
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1269 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aaea6cd2-c47a-4dcc-b360-792a1fe333b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1268 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aaea6cd2-c47a-4dcc-b360-792a1fe333b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1267 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aaea6cd2-c47a-4dcc-b360-792a1fe333b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1266 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aaea6cd2-c47a-4dcc-b360-792a1fe333b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1265 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aaea6cd2-c47a-4dcc-b360-792a1fe333b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1264 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aaea6cd2-c47a-4dcc-b360-792a1fe333b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1263 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aaea6cd2-c47a-4dcc-b360-792a1fe333b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1262 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=aaea6cd2-c47a-4dcc-b360-792a1fe333b5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1261 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46166015-7e9a-4e11-9588-1150904374af
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=33e95f94-a4e5-436f-8542-9a7ace952785
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1260 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46166015-7e9a-4e11-9588-1150904374af
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1259 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46166015-7e9a-4e11-9588-1150904374af
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1258 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46166015-7e9a-4e11-9588-1150904374af
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1257 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46166015-7e9a-4e11-9588-1150904374af
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1256 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46166015-7e9a-4e11-9588-1150904374af
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1255 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=46166015-7e9a-4e11-9588-1150904374af
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1254 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59ad5426-092c-4fc3-ad12-abf8ebb0c298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=f3c039dd-8f8f-44d2-a9d5-c5efefd0dd2e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1253 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59ad5426-092c-4fc3-ad12-abf8ebb0c298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=f3c039dd-8f8f-44d2-a9d5-c5efefd0dd2e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1252 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59ad5426-092c-4fc3-ad12-abf8ebb0c298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1251 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59ad5426-092c-4fc3-ad12-abf8ebb0c298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1250 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59ad5426-092c-4fc3-ad12-abf8ebb0c298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1249 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59ad5426-092c-4fc3-ad12-abf8ebb0c298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1248 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59ad5426-092c-4fc3-ad12-abf8ebb0c298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1247 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59ad5426-092c-4fc3-ad12-abf8ebb0c298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADUANAAuADEAOAAtADEANwA4ADYANwA4ADEAMAAyADEAMwAyADIAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1246 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dde35ef5-5ac9-4c47-a024-8e57a86c48bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBOAGcAQQAzAEEARABnAEEATQBRAEEAdwBBAEQASQBBAE0AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=9a2d3e54-2c0a-425e-a3c5-e32a4508bbf2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1245 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2fbb8ae-c674-49f3-9e27-8006f0a34c45
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEANQA0AC4AMQA4AC0AMQA3ADgANgA3ADgAMQAwADIAMQAzADIAMgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=139a4218-46f5-4118-8833-665068f50477
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1244 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2fbb8ae-c674-49f3-9e27-8006f0a34c45
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEANQA0AC4AMQA4AC0AMQA3ADgANgA3ADgAMQAwADIAMQAzADIAMgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=139a4218-46f5-4118-8833-665068f50477
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1243 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2fbb8ae-c674-49f3-9e27-8006f0a34c45
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEANQA0AC4AMQA4AC0AMQA3ADgANgA3ADgAMQAwADIAMQAzADIAMgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1242 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2fbb8ae-c674-49f3-9e27-8006f0a34c45
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEANQA0AC4AMQA4AC0AMQA3ADgANgA3ADgAMQAwADIAMQAzADIAMgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1241 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2fbb8ae-c674-49f3-9e27-8006f0a34c45
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEANQA0AC4AMQA4AC0AMQA3ADgANgA3ADgAMQAwADIAMQAzADIAMgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1240 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2fbb8ae-c674-49f3-9e27-8006f0a34c45
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEANQA0AC4AMQA4AC0AMQA3ADgANgA3ADgAMQAwADIAMQAzADIAMgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1239 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2fbb8ae-c674-49f3-9e27-8006f0a34c45
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEANQA0AC4AMQA4AC0AMQA3ADgANgA3ADgAMQAwADIAMQAzADIAMgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1238 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f2fbb8ae-c674-49f3-9e27-8006f0a34c45
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEANQA0AC4AMQA4AC0AMQA3ADgANgA3ADgAMQAwADIAMQAzADIAMgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1237 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dde35ef5-5ac9-4c47-a024-8e57a86c48bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBOAGcAQQAzAEEARABnAEEATQBRAEEAdwBBAEQASQBBAE0AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=9a2d3e54-2c0a-425e-a3c5-e32a4508bbf2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1236 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dde35ef5-5ac9-4c47-a024-8e57a86c48bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBOAGcAQQAzAEEARABnAEEATQBRAEEAdwBBAEQASQBBAE0AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1235 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dde35ef5-5ac9-4c47-a024-8e57a86c48bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBOAGcAQQAzAEEARABnAEEATQBRAEEAdwBBAEQASQBBAE0AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1234 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dde35ef5-5ac9-4c47-a024-8e57a86c48bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBOAGcAQQAzAEEARABnAEEATQBRAEEAdwBBAEQASQBBAE0AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1233 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dde35ef5-5ac9-4c47-a024-8e57a86c48bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBOAGcAQQAzAEEARABnAEEATQBRAEEAdwBBAEQASQBBAE0AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1232 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dde35ef5-5ac9-4c47-a024-8e57a86c48bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBOAGcAQQAzAEEARABnAEEATQBRAEEAdwBBAEQASQBBAE0AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1231 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dde35ef5-5ac9-4c47-a024-8e57a86c48bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBOAFEAQQAwAEEAQwA0AEEATQBRAEEANABBAEMAMABBAE0AUQBBADMAQQBEAGcAQQBOAGcAQQAzAEEARABnAEEATQBRAEEAdwBBAEQASQBBAE0AUQBBAHoAQQBEAEkAQQBNAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1230 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0fb39a0-312e-47dc-8b9f-9b99e590661a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e19b2b12-5592-4c10-a13d-ef7a991e558c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1229 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba262714-68a7-4d2c-ba04-d1fdd896ad0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=14011fe9-9a9c-4f3e-99c1-f441f9c8eeae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1228 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba262714-68a7-4d2c-ba04-d1fdd896ad0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1227 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba262714-68a7-4d2c-ba04-d1fdd896ad0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1226 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba262714-68a7-4d2c-ba04-d1fdd896ad0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1225 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba262714-68a7-4d2c-ba04-d1fdd896ad0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1224 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba262714-68a7-4d2c-ba04-d1fdd896ad0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1223 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba262714-68a7-4d2c-ba04-d1fdd896ad0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1222 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba262714-68a7-4d2c-ba04-d1fdd896ad0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1221 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ba262714-68a7-4d2c-ba04-d1fdd896ad0e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1220 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0fb39a0-312e-47dc-8b9f-9b99e590661a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e19b2b12-5592-4c10-a13d-ef7a991e558c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1219 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0fb39a0-312e-47dc-8b9f-9b99e590661a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1218 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0fb39a0-312e-47dc-8b9f-9b99e590661a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1217 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0fb39a0-312e-47dc-8b9f-9b99e590661a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1216 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0fb39a0-312e-47dc-8b9f-9b99e590661a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1215 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0fb39a0-312e-47dc-8b9f-9b99e590661a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1214 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0fb39a0-312e-47dc-8b9f-9b99e590661a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1213 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=809634f9-af86-4ce1-b4a8-c55f3ae72ee7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=52cf92bc-2d34-4608-ae18-f22134422fdb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1212 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872f618e-cdc9-4252-bdc6-6a11e2911764
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=5.1.14393.1944
RunspaceId=4eda5fb8-ce9e-4dc1-8fd6-5f2325fa7a2a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1211 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872f618e-cdc9-4252-bdc6-6a11e2911764
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=5.1.14393.1944
RunspaceId=4eda5fb8-ce9e-4dc1-8fd6-5f2325fa7a2a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1210 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872f618e-cdc9-4252-bdc6-6a11e2911764
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1209 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872f618e-cdc9-4252-bdc6-6a11e2911764
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1208 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872f618e-cdc9-4252-bdc6-6a11e2911764
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1207 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872f618e-cdc9-4252-bdc6-6a11e2911764
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1206 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872f618e-cdc9-4252-bdc6-6a11e2911764
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1205 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872f618e-cdc9-4252-bdc6-6a11e2911764
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1204 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0eb57353-aa6b-448e-85ad-337ff522f499
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fdd56db4-9b83-495a-84de-ff1f0b6b86d9
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1203 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0eb57353-aa6b-448e-85ad-337ff522f499
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fdd56db4-9b83-495a-84de-ff1f0b6b86d9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1202 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0eb57353-aa6b-448e-85ad-337ff522f499
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1201 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0eb57353-aa6b-448e-85ad-337ff522f499
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1200 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0eb57353-aa6b-448e-85ad-337ff522f499
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1199 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0eb57353-aa6b-448e-85ad-337ff522f499
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1198 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0eb57353-aa6b-448e-85ad-337ff522f499
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1197 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0eb57353-aa6b-448e-85ad-337ff522f499
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1196 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0eb57353-aa6b-448e-85ad-337ff522f499
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1195 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0eb57353-aa6b-448e-85ad-337ff522f499
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1194 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=809634f9-af86-4ce1-b4a8-c55f3ae72ee7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=52cf92bc-2d34-4608-ae18-f22134422fdb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1193 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=809634f9-af86-4ce1-b4a8-c55f3ae72ee7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1192 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=809634f9-af86-4ce1-b4a8-c55f3ae72ee7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1191 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=809634f9-af86-4ce1-b4a8-c55f3ae72ee7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1190 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=809634f9-af86-4ce1-b4a8-c55f3ae72ee7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1189 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=809634f9-af86-4ce1-b4a8-c55f3ae72ee7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1188 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=809634f9-af86-4ce1-b4a8-c55f3ae72ee7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1187 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38fdc78b-6959-4450-a8a7-e8bf43cd7551
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABNAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAEEAQQA1AEEARABJAEEATQBnAEEANQBBAEQAQQBBAE0AQQBBAHgAQQBEAEkAQQBPAEEAQQB5AEEARABZAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e3225b46-bc2f-4bfd-8c02-b35bf5c7e380
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1186 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c506bdb-7f6a-4f53-bf1b-d59fb2e7786b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=ac4eaa1b-0034-46d1-b6f3-81d8d7c2e55f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1185 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c506bdb-7f6a-4f53-bf1b-d59fb2e7786b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=ac4eaa1b-0034-46d1-b6f3-81d8d7c2e55f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1184 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c506bdb-7f6a-4f53-bf1b-d59fb2e7786b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1183 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c506bdb-7f6a-4f53-bf1b-d59fb2e7786b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1182 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c506bdb-7f6a-4f53-bf1b-d59fb2e7786b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1181 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c506bdb-7f6a-4f53-bf1b-d59fb2e7786b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1180 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c506bdb-7f6a-4f53-bf1b-d59fb2e7786b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1179 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c506bdb-7f6a-4f53-bf1b-d59fb2e7786b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1178 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38fdc78b-6959-4450-a8a7-e8bf43cd7551
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABNAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAEEAQQA1AEEARABJAEEATQBnAEEANQBBAEQAQQBBAE0AQQBBAHgAQQBEAEkAQQBPAEEAQQB5AEEARABZAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e3225b46-bc2f-4bfd-8c02-b35bf5c7e380
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1177 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38fdc78b-6959-4450-a8a7-e8bf43cd7551
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABNAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAEEAQQA1AEEARABJAEEATQBnAEEANQBBAEQAQQBBAE0AQQBBAHgAQQBEAEkAQQBPAEEAQQB5AEEARABZAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1176 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38fdc78b-6959-4450-a8a7-e8bf43cd7551
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABNAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAEEAQQA1AEEARABJAEEATQBnAEEANQBBAEQAQQBBAE0AQQBBAHgAQQBEAEkAQQBPAEEAQQB5AEEARABZAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1175 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38fdc78b-6959-4450-a8a7-e8bf43cd7551
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABNAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAEEAQQA1AEEARABJAEEATQBnAEEANQBBAEQAQQBBAE0AQQBBAHgAQQBEAEkAQQBPAEEAQQB5AEEARABZAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1174 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38fdc78b-6959-4450-a8a7-e8bf43cd7551
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABNAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAEEAQQA1AEEARABJAEEATQBnAEEANQBBAEQAQQBBAE0AQQBBAHgAQQBEAEkAQQBPAEEAQQB5AEEARABZAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1173 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38fdc78b-6959-4450-a8a7-e8bf43cd7551
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABNAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAEEAQQA1AEEARABJAEEATQBnAEEANQBBAEQAQQBBAE0AQQBBAHgAQQBEAEkAQQBPAEEAQQB5AEEARABZAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1172 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38fdc78b-6959-4450-a8a7-e8bf43cd7551
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB4AEEARABNAEEATQBnAEEAdQBBAEQAYwBBAE0AdwBBAHQAQQBEAEkAQQBNAEEAQQA1AEEARABJAEEATQBnAEEANQBBAEQAQQBBAE0AQQBBAHgAQQBEAEkAQQBPAEEAQQB5AEEARABZAEEATQBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1171 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c82364-2836-4e98-9bb3-eab60b1976fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1377b82c-99db-40d3-a4c5-5bfca603bf85
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1170 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00bb1cb2-9093-489a-ac13-598490830164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1448dab8-5e3f-4990-8423-c87331b1df8a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1169 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00bb1cb2-9093-489a-ac13-598490830164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1168 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00bb1cb2-9093-489a-ac13-598490830164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1167 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00bb1cb2-9093-489a-ac13-598490830164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1166 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00bb1cb2-9093-489a-ac13-598490830164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1165 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00bb1cb2-9093-489a-ac13-598490830164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1164 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00bb1cb2-9093-489a-ac13-598490830164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1163 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00bb1cb2-9093-489a-ac13-598490830164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1162 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00bb1cb2-9093-489a-ac13-598490830164
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1161 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c82364-2836-4e98-9bb3-eab60b1976fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1377b82c-99db-40d3-a4c5-5bfca603bf85
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1160 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c82364-2836-4e98-9bb3-eab60b1976fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1159 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c82364-2836-4e98-9bb3-eab60b1976fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1158 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c82364-2836-4e98-9bb3-eab60b1976fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1157 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c82364-2836-4e98-9bb3-eab60b1976fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1156 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c82364-2836-4e98-9bb3-eab60b1976fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1155 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8c82364-2836-4e98-9bb3-eab60b1976fe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1154 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=546367d2-6687-4fad-9517-ff5466352e65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e5c6e4a6-534d-4e8a-b655-d79bf45c3237
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1153 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=546367d2-6687-4fad-9517-ff5466352e65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e5c6e4a6-534d-4e8a-b655-d79bf45c3237
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1152 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=546367d2-6687-4fad-9517-ff5466352e65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1151 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=546367d2-6687-4fad-9517-ff5466352e65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1150 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=546367d2-6687-4fad-9517-ff5466352e65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1149 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=546367d2-6687-4fad-9517-ff5466352e65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1148 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=546367d2-6687-4fad-9517-ff5466352e65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1147 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=546367d2-6687-4fad-9517-ff5466352e65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAxADMAMgAuADcAMwAtADIAMAA5ADIAMgA5ADAAMAAxADIAOAAyADYAMQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1146 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e68484a-0629-4a6b-88b3-92dbe78c9616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBNAHcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHcAQQBEAGsAQQBNAGcAQQB5AEEARABrAEEATQBBAEEAdwBBAEQARQBBAE0AZwBBADQAQQBEAEkAQQBOAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=a003361b-9343-4a1a-90f9-a2c7c3b2e088
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1145 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0205acfc-2108-4bf9-a170-d08a257853f1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEAMwAyAC4ANwAzAC0AMgAwADkAMgAyADkAMAAwADEAMgA4ADIANgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e6374acf-4281-47d2-85b1-7b560e1030d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1144 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0205acfc-2108-4bf9-a170-d08a257853f1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEAMwAyAC4ANwAzAC0AMgAwADkAMgAyADkAMAAwADEAMgA4ADIANgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e6374acf-4281-47d2-85b1-7b560e1030d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1143 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0205acfc-2108-4bf9-a170-d08a257853f1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEAMwAyAC4ANwAzAC0AMgAwADkAMgAyADkAMAAwADEAMgA4ADIANgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1142 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0205acfc-2108-4bf9-a170-d08a257853f1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEAMwAyAC4ANwAzAC0AMgAwADkAMgAyADkAMAAwADEAMgA4ADIANgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1141 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0205acfc-2108-4bf9-a170-d08a257853f1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEAMwAyAC4ANwAzAC0AMgAwADkAMgAyADkAMAAwADEAMgA4ADIANgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1140 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0205acfc-2108-4bf9-a170-d08a257853f1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEAMwAyAC4ANwAzAC0AMgAwADkAMgAyADkAMAAwADEAMgA4ADIANgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1139 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0205acfc-2108-4bf9-a170-d08a257853f1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEAMwAyAC4ANwAzAC0AMgAwADkAMgAyADkAMAAwADEAMgA4ADIANgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1138 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0205acfc-2108-4bf9-a170-d08a257853f1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADEAMwAyAC4ANwAzAC0AMgAwADkAMgAyADkAMAAwADEAMgA4ADIANgAxADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1137 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e68484a-0629-4a6b-88b3-92dbe78c9616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBNAHcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHcAQQBEAGsAQQBNAGcAQQB5AEEARABrAEEATQBBAEEAdwBBAEQARQBBAE0AZwBBADQAQQBEAEkAQQBOAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=a003361b-9343-4a1a-90f9-a2c7c3b2e088
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1136 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e68484a-0629-4a6b-88b3-92dbe78c9616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBNAHcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHcAQQBEAGsAQQBNAGcAQQB5AEEARABrAEEATQBBAEEAdwBBAEQARQBBAE0AZwBBADQAQQBEAEkAQQBOAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1135 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e68484a-0629-4a6b-88b3-92dbe78c9616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBNAHcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHcAQQBEAGsAQQBNAGcAQQB5AEEARABrAEEATQBBAEEAdwBBAEQARQBBAE0AZwBBADQAQQBEAEkAQQBOAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1134 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e68484a-0629-4a6b-88b3-92dbe78c9616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBNAHcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHcAQQBEAGsAQQBNAGcAQQB5AEEARABrAEEATQBBAEEAdwBBAEQARQBBAE0AZwBBADQAQQBEAEkAQQBOAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1133 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e68484a-0629-4a6b-88b3-92dbe78c9616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBNAHcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHcAQQBEAGsAQQBNAGcAQQB5AEEARABrAEEATQBBAEEAdwBBAEQARQBBAE0AZwBBADQAQQBEAEkAQQBOAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1132 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e68484a-0629-4a6b-88b3-92dbe78c9616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBNAHcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHcAQQBEAGsAQQBNAGcAQQB5AEEARABrAEEATQBBAEEAdwBBAEQARQBBAE0AZwBBADQAQQBEAEkAQQBOAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1131 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e68484a-0629-4a6b-88b3-92dbe78c9616
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEUAQQBNAHcAQQB5AEEAQwA0AEEATgB3AEEAegBBAEMAMABBAE0AZwBBAHcAQQBEAGsAQQBNAGcAQQB5AEEARABrAEEATQBBAEEAdwBBAEQARQBBAE0AZwBBADQAQQBEAEkAQQBOAGcAQQB4AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1130 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50209e18-2457-4c0f-8c51-33c2dfa32aab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=457541bd-2d31-4586-97ff-99075d8e170f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1129 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=73125a04-d28c-4f65-bd68-686c7c658eac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0bc29b43-af0b-49d5-a4ac-10138e74cdc3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1128 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=73125a04-d28c-4f65-bd68-686c7c658eac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1127 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=73125a04-d28c-4f65-bd68-686c7c658eac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1126 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=73125a04-d28c-4f65-bd68-686c7c658eac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1125 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=73125a04-d28c-4f65-bd68-686c7c658eac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1124 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=73125a04-d28c-4f65-bd68-686c7c658eac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1123 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=73125a04-d28c-4f65-bd68-686c7c658eac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1122 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=73125a04-d28c-4f65-bd68-686c7c658eac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1121 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=73125a04-d28c-4f65-bd68-686c7c658eac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1120 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50209e18-2457-4c0f-8c51-33c2dfa32aab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=457541bd-2d31-4586-97ff-99075d8e170f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1119 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50209e18-2457-4c0f-8c51-33c2dfa32aab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1118 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50209e18-2457-4c0f-8c51-33c2dfa32aab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1117 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50209e18-2457-4c0f-8c51-33c2dfa32aab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1116 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50209e18-2457-4c0f-8c51-33c2dfa32aab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1115 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50209e18-2457-4c0f-8c51-33c2dfa32aab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1114 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50209e18-2457-4c0f-8c51-33c2dfa32aab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1113 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bc0abc2-cee9-4e73-8964-be3f5c7a9db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4aa2e680-d071-4d84-a8e4-1b0e92b6e191
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1112 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18a1dde6-e587-4dd4-b176-59458f1b476f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0ff90ca4-09eb-42dc-8b53-6c7738adbb6b
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1111 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18a1dde6-e587-4dd4-b176-59458f1b476f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0ff90ca4-09eb-42dc-8b53-6c7738adbb6b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1110 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18a1dde6-e587-4dd4-b176-59458f1b476f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1109 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18a1dde6-e587-4dd4-b176-59458f1b476f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1108 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18a1dde6-e587-4dd4-b176-59458f1b476f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1107 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18a1dde6-e587-4dd4-b176-59458f1b476f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1106 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18a1dde6-e587-4dd4-b176-59458f1b476f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1105 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18a1dde6-e587-4dd4-b176-59458f1b476f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1104 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18a1dde6-e587-4dd4-b176-59458f1b476f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1103 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=18a1dde6-e587-4dd4-b176-59458f1b476f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1102 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bc0abc2-cee9-4e73-8964-be3f5c7a9db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4aa2e680-d071-4d84-a8e4-1b0e92b6e191
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1101 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bc0abc2-cee9-4e73-8964-be3f5c7a9db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1100 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bc0abc2-cee9-4e73-8964-be3f5c7a9db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1099 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bc0abc2-cee9-4e73-8964-be3f5c7a9db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1098 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bc0abc2-cee9-4e73-8964-be3f5c7a9db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1097 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bc0abc2-cee9-4e73-8964-be3f5c7a9db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1096 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5bc0abc2-cee9-4e73-8964-be3f5c7a9db1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1095 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e941559d-5063-4922-8c93-fd343bcee751
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8eb4c97d-0201-4af9-9228-2d50236e757d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1094 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09d46bb4-3ef3-4d25-866b-aee2006d1974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=52e5f5ce-0537-43ce-8d02-a71b14f5739e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1093 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09d46bb4-3ef3-4d25-866b-aee2006d1974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1092 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09d46bb4-3ef3-4d25-866b-aee2006d1974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1091 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09d46bb4-3ef3-4d25-866b-aee2006d1974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1090 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09d46bb4-3ef3-4d25-866b-aee2006d1974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1089 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09d46bb4-3ef3-4d25-866b-aee2006d1974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1088 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09d46bb4-3ef3-4d25-866b-aee2006d1974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1087 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09d46bb4-3ef3-4d25-866b-aee2006d1974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1086 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=09d46bb4-3ef3-4d25-866b-aee2006d1974
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1085 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e941559d-5063-4922-8c93-fd343bcee751
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8eb4c97d-0201-4af9-9228-2d50236e757d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1084 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e941559d-5063-4922-8c93-fd343bcee751
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1083 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e941559d-5063-4922-8c93-fd343bcee751
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1082 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e941559d-5063-4922-8c93-fd343bcee751
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1081 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e941559d-5063-4922-8c93-fd343bcee751
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1080 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e941559d-5063-4922-8c93-fd343bcee751
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1079 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e941559d-5063-4922-8c93-fd343bcee751
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1078 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e47443a3-f548-46be-b260-d4cfd83ad727
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e1641416-f871-4871-8cea-45a497a9856c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1077 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:12:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ccee622-53cc-4ea8-bab1-5a1a51de3eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b96eb2b7-136a-48ca-9828-c4366e8e5435
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1076 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ccee622-53cc-4ea8-bab1-5a1a51de3eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b96eb2b7-136a-48ca-9828-c4366e8e5435
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1075 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ccee622-53cc-4ea8-bab1-5a1a51de3eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1074 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ccee622-53cc-4ea8-bab1-5a1a51de3eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1073 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ccee622-53cc-4ea8-bab1-5a1a51de3eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1072 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ccee622-53cc-4ea8-bab1-5a1a51de3eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1071 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ccee622-53cc-4ea8-bab1-5a1a51de3eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1070 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ccee622-53cc-4ea8-bab1-5a1a51de3eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1069 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ccee622-53cc-4ea8-bab1-5a1a51de3eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1068 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ccee622-53cc-4ea8-bab1-5a1a51de3eec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1067 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e47443a3-f548-46be-b260-d4cfd83ad727
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e1641416-f871-4871-8cea-45a497a9856c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1066 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e47443a3-f548-46be-b260-d4cfd83ad727
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1065 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e47443a3-f548-46be-b260-d4cfd83ad727
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1064 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e47443a3-f548-46be-b260-d4cfd83ad727
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1063 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e47443a3-f548-46be-b260-d4cfd83ad727
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1062 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e47443a3-f548-46be-b260-d4cfd83ad727
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1061 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e47443a3-f548-46be-b260-d4cfd83ad727
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1060 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cba52f35-03a5-4164-b98a-5bcacc20cbb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=77fe2ed9-6e72-41d5-b375-e510f7595d95
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1059 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=702fb976-6814-4d68-bfae-70a53008a5b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=aa0b91de-4694-4715-9235-f5d65777a64b
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1058 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=702fb976-6814-4d68-bfae-70a53008a5b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=aa0b91de-4694-4715-9235-f5d65777a64b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1057 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=702fb976-6814-4d68-bfae-70a53008a5b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1056 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=702fb976-6814-4d68-bfae-70a53008a5b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1055 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=702fb976-6814-4d68-bfae-70a53008a5b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1054 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=702fb976-6814-4d68-bfae-70a53008a5b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1053 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=702fb976-6814-4d68-bfae-70a53008a5b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1052 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=702fb976-6814-4d68-bfae-70a53008a5b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1051 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=702fb976-6814-4d68-bfae-70a53008a5b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1050 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=702fb976-6814-4d68-bfae-70a53008a5b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1049 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cba52f35-03a5-4164-b98a-5bcacc20cbb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=77fe2ed9-6e72-41d5-b375-e510f7595d95
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1048 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cba52f35-03a5-4164-b98a-5bcacc20cbb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1047 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cba52f35-03a5-4164-b98a-5bcacc20cbb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1046 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cba52f35-03a5-4164-b98a-5bcacc20cbb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1045 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cba52f35-03a5-4164-b98a-5bcacc20cbb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1044 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cba52f35-03a5-4164-b98a-5bcacc20cbb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1043 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cba52f35-03a5-4164-b98a-5bcacc20cbb7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1042 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bee47281-dd7f-4026-9b85-9c09f9b05016
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9e3eac3a-a53d-4700-908d-d8a31e4d6190
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1041 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=755d0c8b-4ff4-4748-8255-1f5a55be31e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=65a0b5fc-85a7-4a0f-b8ee-3da19f94b519
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1040 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=755d0c8b-4ff4-4748-8255-1f5a55be31e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1039 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=755d0c8b-4ff4-4748-8255-1f5a55be31e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1038 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=755d0c8b-4ff4-4748-8255-1f5a55be31e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1037 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=755d0c8b-4ff4-4748-8255-1f5a55be31e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1036 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=755d0c8b-4ff4-4748-8255-1f5a55be31e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1035 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=755d0c8b-4ff4-4748-8255-1f5a55be31e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1034 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=755d0c8b-4ff4-4748-8255-1f5a55be31e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1033 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=755d0c8b-4ff4-4748-8255-1f5a55be31e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1032 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bee47281-dd7f-4026-9b85-9c09f9b05016
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9e3eac3a-a53d-4700-908d-d8a31e4d6190
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1031 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bee47281-dd7f-4026-9b85-9c09f9b05016
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1030 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bee47281-dd7f-4026-9b85-9c09f9b05016
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1029 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bee47281-dd7f-4026-9b85-9c09f9b05016
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1028 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bee47281-dd7f-4026-9b85-9c09f9b05016
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1027 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bee47281-dd7f-4026-9b85-9c09f9b05016
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1026 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bee47281-dd7f-4026-9b85-9c09f9b05016
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1025 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba71780b-72cd-49ae-831f-61e86a7bced2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9e770770-4afe-499c-bc09-4c558cf7c0a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1024 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d013440-4206-4d22-963a-da5ebe1ad3a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f97127c8-336b-4a3e-b261-c2c5223fd4f8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1023 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d013440-4206-4d22-963a-da5ebe1ad3a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1022 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d013440-4206-4d22-963a-da5ebe1ad3a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1021 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d013440-4206-4d22-963a-da5ebe1ad3a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1020 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d013440-4206-4d22-963a-da5ebe1ad3a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1019 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d013440-4206-4d22-963a-da5ebe1ad3a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1018 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d013440-4206-4d22-963a-da5ebe1ad3a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1017 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d013440-4206-4d22-963a-da5ebe1ad3a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1016 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d013440-4206-4d22-963a-da5ebe1ad3a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1015 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:39 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba71780b-72cd-49ae-831f-61e86a7bced2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9e770770-4afe-499c-bc09-4c558cf7c0a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1014 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba71780b-72cd-49ae-831f-61e86a7bced2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1013 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba71780b-72cd-49ae-831f-61e86a7bced2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1012 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba71780b-72cd-49ae-831f-61e86a7bced2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1011 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba71780b-72cd-49ae-831f-61e86a7bced2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1010 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba71780b-72cd-49ae-831f-61e86a7bced2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1009 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba71780b-72cd-49ae-831f-61e86a7bced2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1008 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96c9f085-c634-4693-b81c-ff96a1ea7233
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b30921c5-a4c1-4d35-bccb-e797abff9dc2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1007 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68cc425f-aee9-4e74-86bd-78ec9e8bbc36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9eb1bcab-2a53-43f3-8467-769d6a67c251
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1006 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68cc425f-aee9-4e74-86bd-78ec9e8bbc36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9eb1bcab-2a53-43f3-8467-769d6a67c251
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1005 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68cc425f-aee9-4e74-86bd-78ec9e8bbc36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1004 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68cc425f-aee9-4e74-86bd-78ec9e8bbc36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1003 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68cc425f-aee9-4e74-86bd-78ec9e8bbc36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1002 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68cc425f-aee9-4e74-86bd-78ec9e8bbc36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1001 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68cc425f-aee9-4e74-86bd-78ec9e8bbc36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1000 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68cc425f-aee9-4e74-86bd-78ec9e8bbc36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 999 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68cc425f-aee9-4e74-86bd-78ec9e8bbc36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 998 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68cc425f-aee9-4e74-86bd-78ec9e8bbc36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 997 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96c9f085-c634-4693-b81c-ff96a1ea7233
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b30921c5-a4c1-4d35-bccb-e797abff9dc2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 996 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96c9f085-c634-4693-b81c-ff96a1ea7233
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 995 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96c9f085-c634-4693-b81c-ff96a1ea7233
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 994 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96c9f085-c634-4693-b81c-ff96a1ea7233
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 993 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96c9f085-c634-4693-b81c-ff96a1ea7233
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 992 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96c9f085-c634-4693-b81c-ff96a1ea7233
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 991 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96c9f085-c634-4693-b81c-ff96a1ea7233
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 990 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b318c820-565b-47fc-979d-f493621f4d8b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4ada8307-46b3-4a96-be63-b7ee2359783b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 989 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c43c9ccc-4125-4675-bcb7-aa9cc697c90c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7a663331-9c99-4b74-bae1-f197107cecb3
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 988 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c43c9ccc-4125-4675-bcb7-aa9cc697c90c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7a663331-9c99-4b74-bae1-f197107cecb3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 987 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c43c9ccc-4125-4675-bcb7-aa9cc697c90c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 986 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c43c9ccc-4125-4675-bcb7-aa9cc697c90c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 985 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c43c9ccc-4125-4675-bcb7-aa9cc697c90c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 984 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c43c9ccc-4125-4675-bcb7-aa9cc697c90c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 983 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c43c9ccc-4125-4675-bcb7-aa9cc697c90c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 982 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c43c9ccc-4125-4675-bcb7-aa9cc697c90c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 981 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c43c9ccc-4125-4675-bcb7-aa9cc697c90c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 980 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c43c9ccc-4125-4675-bcb7-aa9cc697c90c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 979 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:34 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b318c820-565b-47fc-979d-f493621f4d8b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4ada8307-46b3-4a96-be63-b7ee2359783b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 978 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b318c820-565b-47fc-979d-f493621f4d8b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 977 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b318c820-565b-47fc-979d-f493621f4d8b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 976 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b318c820-565b-47fc-979d-f493621f4d8b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 975 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b318c820-565b-47fc-979d-f493621f4d8b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 974 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b318c820-565b-47fc-979d-f493621f4d8b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 973 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b318c820-565b-47fc-979d-f493621f4d8b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 972 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:33 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cc9642d1-9d8f-4682-a29a-ba6d70be3bed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=003c8bcb-1fe4-47aa-9ab3-e1cf54870995
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 971 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=54785bf2-b8ba-4b49-bd1f-aa312e14be4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=14516304-a4b0-4a53-a32d-bf024360bf65
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 970 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=54785bf2-b8ba-4b49-bd1f-aa312e14be4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 969 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=54785bf2-b8ba-4b49-bd1f-aa312e14be4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 968 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=54785bf2-b8ba-4b49-bd1f-aa312e14be4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 967 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=54785bf2-b8ba-4b49-bd1f-aa312e14be4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 966 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=54785bf2-b8ba-4b49-bd1f-aa312e14be4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 965 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=54785bf2-b8ba-4b49-bd1f-aa312e14be4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 964 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=54785bf2-b8ba-4b49-bd1f-aa312e14be4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 963 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=54785bf2-b8ba-4b49-bd1f-aa312e14be4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 962 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:32 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cc9642d1-9d8f-4682-a29a-ba6d70be3bed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=003c8bcb-1fe4-47aa-9ab3-e1cf54870995
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 961 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cc9642d1-9d8f-4682-a29a-ba6d70be3bed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 960 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cc9642d1-9d8f-4682-a29a-ba6d70be3bed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 959 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cc9642d1-9d8f-4682-a29a-ba6d70be3bed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 958 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cc9642d1-9d8f-4682-a29a-ba6d70be3bed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 957 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cc9642d1-9d8f-4682-a29a-ba6d70be3bed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 956 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cc9642d1-9d8f-4682-a29a-ba6d70be3bed
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 955 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7267cf4-483e-418d-a14d-a2d747a4726f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATgBRAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB5AEEARABFAEEATgBnAEEAdwBBAEQAQQBBAE4AZwBBADIAQQBEAEkAQQBOAGcAQQAzAEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=25029cc6-01e9-4203-9a39-87674f9b7261
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 954 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5900b44e-0e3a-40ed-82ae-9ef942c3681c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=2114c0a4-bb54-4d5f-8e34-e78f2cdc08a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 953 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5900b44e-0e3a-40ed-82ae-9ef942c3681c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=2114c0a4-bb54-4d5f-8e34-e78f2cdc08a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 952 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5900b44e-0e3a-40ed-82ae-9ef942c3681c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 951 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5900b44e-0e3a-40ed-82ae-9ef942c3681c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 950 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5900b44e-0e3a-40ed-82ae-9ef942c3681c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 949 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5900b44e-0e3a-40ed-82ae-9ef942c3681c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 948 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5900b44e-0e3a-40ed-82ae-9ef942c3681c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 947 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5900b44e-0e3a-40ed-82ae-9ef942c3681c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 946 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7267cf4-483e-418d-a14d-a2d747a4726f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATgBRAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB5AEEARABFAEEATgBnAEEAdwBBAEQAQQBBAE4AZwBBADIAQQBEAEkAQQBOAGcAQQAzAEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=25029cc6-01e9-4203-9a39-87674f9b7261
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 945 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7267cf4-483e-418d-a14d-a2d747a4726f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATgBRAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB5AEEARABFAEEATgBnAEEAdwBBAEQAQQBBAE4AZwBBADIAQQBEAEkAQQBOAGcAQQAzAEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 944 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7267cf4-483e-418d-a14d-a2d747a4726f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATgBRAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB5AEEARABFAEEATgBnAEEAdwBBAEQAQQBBAE4AZwBBADIAQQBEAEkAQQBOAGcAQQAzAEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 943 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7267cf4-483e-418d-a14d-a2d747a4726f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATgBRAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB5AEEARABFAEEATgBnAEEAdwBBAEQAQQBBAE4AZwBBADIAQQBEAEkAQQBOAGcAQQAzAEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 942 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7267cf4-483e-418d-a14d-a2d747a4726f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATgBRAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB5AEEARABFAEEATgBnAEEAdwBBAEQAQQBBAE4AZwBBADIAQQBEAEkAQQBOAGcAQQAzAEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 941 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7267cf4-483e-418d-a14d-a2d747a4726f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATgBRAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB5AEEARABFAEEATgBnAEEAdwBBAEQAQQBBAE4AZwBBADIAQQBEAEkAQQBOAGcAQQAzAEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 940 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7267cf4-483e-418d-a14d-a2d747a4726f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATgBRAEEAdQBBAEQAWQBBAE4AdwBBAHQAQQBEAEkAQQBNAFEAQQB5AEEARABFAEEATgBnAEEAdwBBAEQAQQBBAE4AZwBBADIAQQBEAEkAQQBOAGcAQQAzAEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 939 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c193f4ce-cc8b-46b5-9128-be70736812a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c92c7cb0-cbc2-4101-aa2e-b41de01dbcbf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 938 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7ef85c37-cb08-40ce-a89b-5f6446d09bdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b63cd53d-fa0e-4274-a654-a7619fd26a1d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 937 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7ef85c37-cb08-40ce-a89b-5f6446d09bdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 936 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7ef85c37-cb08-40ce-a89b-5f6446d09bdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 935 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7ef85c37-cb08-40ce-a89b-5f6446d09bdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 934 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7ef85c37-cb08-40ce-a89b-5f6446d09bdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 933 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7ef85c37-cb08-40ce-a89b-5f6446d09bdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 932 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7ef85c37-cb08-40ce-a89b-5f6446d09bdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 931 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7ef85c37-cb08-40ce-a89b-5f6446d09bdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 930 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7ef85c37-cb08-40ce-a89b-5f6446d09bdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 929 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c193f4ce-cc8b-46b5-9128-be70736812a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c92c7cb0-cbc2-4101-aa2e-b41de01dbcbf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 928 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c193f4ce-cc8b-46b5-9128-be70736812a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 927 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c193f4ce-cc8b-46b5-9128-be70736812a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 926 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c193f4ce-cc8b-46b5-9128-be70736812a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 925 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c193f4ce-cc8b-46b5-9128-be70736812a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 924 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c193f4ce-cc8b-46b5-9128-be70736812a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 923 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c193f4ce-cc8b-46b5-9128-be70736812a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 922 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17d4d77f-15e9-4324-b022-41cf0224f307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=51aa6267-3362-46b5-992d-e3389925e0c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 921 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17d4d77f-15e9-4324-b022-41cf0224f307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=51aa6267-3362-46b5-992d-e3389925e0c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 920 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17d4d77f-15e9-4324-b022-41cf0224f307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 919 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17d4d77f-15e9-4324-b022-41cf0224f307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 918 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17d4d77f-15e9-4324-b022-41cf0224f307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 917 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17d4d77f-15e9-4324-b022-41cf0224f307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 916 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17d4d77f-15e9-4324-b022-41cf0224f307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 915 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=17d4d77f-15e9-4324-b022-41cf0224f307
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIANQAuADYANwAtADIAMQAyADEANgAwADAANgA2ADIANgA3ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 914 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a3e5d2e-7ea2-4d7f-958c-cdd8fde3b497
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1db56e5e-5578-4f40-afd7-f8a85850bb31
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 913 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d62abf6-6ab8-4417-b007-63b0e5258c54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bd2bb5f0-dc1d-4bb1-a18c-b12fdf7f908e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 912 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d62abf6-6ab8-4417-b007-63b0e5258c54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 911 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d62abf6-6ab8-4417-b007-63b0e5258c54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 910 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d62abf6-6ab8-4417-b007-63b0e5258c54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 909 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d62abf6-6ab8-4417-b007-63b0e5258c54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 908 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d62abf6-6ab8-4417-b007-63b0e5258c54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 907 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d62abf6-6ab8-4417-b007-63b0e5258c54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 906 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d62abf6-6ab8-4417-b007-63b0e5258c54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 905 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3d62abf6-6ab8-4417-b007-63b0e5258c54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 904 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a3e5d2e-7ea2-4d7f-958c-cdd8fde3b497
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1db56e5e-5578-4f40-afd7-f8a85850bb31
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 903 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a3e5d2e-7ea2-4d7f-958c-cdd8fde3b497
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 902 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a3e5d2e-7ea2-4d7f-958c-cdd8fde3b497
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 901 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a3e5d2e-7ea2-4d7f-958c-cdd8fde3b497
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 900 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a3e5d2e-7ea2-4d7f-958c-cdd8fde3b497
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 899 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a3e5d2e-7ea2-4d7f-958c-cdd8fde3b497
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 898 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5a3e5d2e-7ea2-4d7f-958c-cdd8fde3b497
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 897 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1b68194-6071-4145-9ca2-6032693f9002
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQAxAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEkAQQBNAFEAQQAyAEEARABBAEEATQBBAEEAMgBBAEQAWQBBAE0AZwBBADIAQQBEAGMAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=5026740b-53fb-4242-824c-5b4b54d6ec49
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 896 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e308ac7-f4e7-47bc-8b80-2a31eec82322
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgA1AC4ANgA3AC0AMgAxADIAMQA2ADAAMAA2ADYAMgA2ADcANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=87e5daa1-171d-4567-bcd1-75777e1d9c96
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 895 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e308ac7-f4e7-47bc-8b80-2a31eec82322
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgA1AC4ANgA3AC0AMgAxADIAMQA2ADAAMAA2ADYAMgA2ADcANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=87e5daa1-171d-4567-bcd1-75777e1d9c96
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 894 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e308ac7-f4e7-47bc-8b80-2a31eec82322
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgA1AC4ANgA3AC0AMgAxADIAMQA2ADAAMAA2ADYAMgA2ADcANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 893 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e308ac7-f4e7-47bc-8b80-2a31eec82322
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgA1AC4ANgA3AC0AMgAxADIAMQA2ADAAMAA2ADYAMgA2ADcANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 892 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e308ac7-f4e7-47bc-8b80-2a31eec82322
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgA1AC4ANgA3AC0AMgAxADIAMQA2ADAAMAA2ADYAMgA2ADcANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 891 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e308ac7-f4e7-47bc-8b80-2a31eec82322
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgA1AC4ANgA3AC0AMgAxADIAMQA2ADAAMAA2ADYAMgA2ADcANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 890 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e308ac7-f4e7-47bc-8b80-2a31eec82322
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgA1AC4ANgA3AC0AMgAxADIAMQA2ADAAMAA2ADYAMgA2ADcANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 889 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e308ac7-f4e7-47bc-8b80-2a31eec82322
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgA1AC4ANgA3AC0AMgAxADIAMQA2ADAAMAA2ADYAMgA2ADcANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 888 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1b68194-6071-4145-9ca2-6032693f9002
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQAxAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEkAQQBNAFEAQQAyAEEARABBAEEATQBBAEEAMgBBAEQAWQBBAE0AZwBBADIAQQBEAGMAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=5026740b-53fb-4242-824c-5b4b54d6ec49
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 887 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1b68194-6071-4145-9ca2-6032693f9002
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQAxAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEkAQQBNAFEAQQAyAEEARABBAEEATQBBAEEAMgBBAEQAWQBBAE0AZwBBADIAQQBEAGMAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 886 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1b68194-6071-4145-9ca2-6032693f9002
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQAxAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEkAQQBNAFEAQQAyAEEARABBAEEATQBBAEEAMgBBAEQAWQBBAE0AZwBBADIAQQBEAGMAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 885 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1b68194-6071-4145-9ca2-6032693f9002
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQAxAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEkAQQBNAFEAQQAyAEEARABBAEEATQBBAEEAMgBBAEQAWQBBAE0AZwBBADIAQQBEAGMAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 884 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1b68194-6071-4145-9ca2-6032693f9002
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQAxAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEkAQQBNAFEAQQAyAEEARABBAEEATQBBAEEAMgBBAEQAWQBBAE0AZwBBADIAQQBEAGMAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 883 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1b68194-6071-4145-9ca2-6032693f9002
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQAxAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEkAQQBNAFEAQQAyAEEARABBAEEATQBBAEEAMgBBAEQAWQBBAE0AZwBBADIAQQBEAGMAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 882 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1b68194-6071-4145-9ca2-6032693f9002
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQAxAEEAQwA0AEEATgBnAEEAMwBBAEMAMABBAE0AZwBBAHgAQQBEAEkAQQBNAFEAQQAyAEEARABBAEEATQBBAEEAMgBBAEQAWQBBAE0AZwBBADIAQQBEAGMAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 881 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112ceabe-027f-4a0b-9d85-37648637141c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATQBBAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEUAQQBOAEEAQQAwAEEARABnAEEATQBRAEEAMgBBAEQAawBBAE8AQQBBADAAQQBEAFkAQQBNAHcAQQAxAEEARABFAEEATgB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=9d525e88-31d4-49e2-9326-6360a3684dab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 880 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02f8f297-7d37-4979-85d6-65c0e9b5bd5c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=24107e5e-a94e-467d-9eca-f9a4a68f2d21
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 879 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02f8f297-7d37-4979-85d6-65c0e9b5bd5c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=24107e5e-a94e-467d-9eca-f9a4a68f2d21
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 878 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02f8f297-7d37-4979-85d6-65c0e9b5bd5c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 877 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02f8f297-7d37-4979-85d6-65c0e9b5bd5c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 876 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02f8f297-7d37-4979-85d6-65c0e9b5bd5c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 875 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02f8f297-7d37-4979-85d6-65c0e9b5bd5c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 874 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02f8f297-7d37-4979-85d6-65c0e9b5bd5c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 873 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=02f8f297-7d37-4979-85d6-65c0e9b5bd5c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 872 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112ceabe-027f-4a0b-9d85-37648637141c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATQBBAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEUAQQBOAEEAQQAwAEEARABnAEEATQBRAEEAMgBBAEQAawBBAE8AQQBBADAAQQBEAFkAQQBNAHcAQQAxAEEARABFAEEATgB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=9d525e88-31d4-49e2-9326-6360a3684dab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 871 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112ceabe-027f-4a0b-9d85-37648637141c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATQBBAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEUAQQBOAEEAQQAwAEEARABnAEEATQBRAEEAMgBBAEQAawBBAE8AQQBBADAAQQBEAFkAQQBNAHcAQQAxAEEARABFAEEATgB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 870 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112ceabe-027f-4a0b-9d85-37648637141c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATQBBAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEUAQQBOAEEAQQAwAEEARABnAEEATQBRAEEAMgBBAEQAawBBAE8AQQBBADAAQQBEAFkAQQBNAHcAQQAxAEEARABFAEEATgB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 869 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112ceabe-027f-4a0b-9d85-37648637141c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATQBBAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEUAQQBOAEEAQQAwAEEARABnAEEATQBRAEEAMgBBAEQAawBBAE8AQQBBADAAQQBEAFkAQQBNAHcAQQAxAEEARABFAEEATgB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 868 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112ceabe-027f-4a0b-9d85-37648637141c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATQBBAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEUAQQBOAEEAQQAwAEEARABnAEEATQBRAEEAMgBBAEQAawBBAE8AQQBBADAAQQBEAFkAQQBNAHcAQQAxAEEARABFAEEATgB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 867 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112ceabe-027f-4a0b-9d85-37648637141c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATQBBAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEUAQQBOAEEAQQAwAEEARABnAEEATQBRAEEAMgBBAEQAawBBAE8AQQBBADAAQQBEAFkAQQBNAHcAQQAxAEEARABFAEEATgB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 866 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=112ceabe-027f-4a0b-9d85-37648637141c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABJAEEATQBBAEEAdQBBAEQASQBBAE4AdwBBAHQAQQBEAEUAQQBOAEEAQQAwAEEARABnAEEATQBRAEEAMgBBAEQAawBBAE8AQQBBADAAQQBEAFkAQQBNAHcAQQAxAEEARABFAEEATgB3AEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 865 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c573ad52-0b70-4e72-8569-03a27babbcbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=50ceaf94-7d7a-4ae2-8776-505d9f6fc303
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 864 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=66948dc4-390c-4588-a5a3-4610637af12b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dc66abbe-635d-4ad0-923c-0865cdaec46b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 863 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=66948dc4-390c-4588-a5a3-4610637af12b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 862 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=66948dc4-390c-4588-a5a3-4610637af12b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 861 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=66948dc4-390c-4588-a5a3-4610637af12b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 860 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=66948dc4-390c-4588-a5a3-4610637af12b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 859 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=66948dc4-390c-4588-a5a3-4610637af12b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 858 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=66948dc4-390c-4588-a5a3-4610637af12b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 857 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=66948dc4-390c-4588-a5a3-4610637af12b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 856 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=66948dc4-390c-4588-a5a3-4610637af12b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 855 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c573ad52-0b70-4e72-8569-03a27babbcbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=50ceaf94-7d7a-4ae2-8776-505d9f6fc303
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 854 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c573ad52-0b70-4e72-8569-03a27babbcbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 853 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c573ad52-0b70-4e72-8569-03a27babbcbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 852 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c573ad52-0b70-4e72-8569-03a27babbcbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 851 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c573ad52-0b70-4e72-8569-03a27babbcbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 850 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c573ad52-0b70-4e72-8569-03a27babbcbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 849 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c573ad52-0b70-4e72-8569-03a27babbcbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 848 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b65f3e2-f3c6-400e-b8ec-ec8a1307890a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=c5629886-e38d-46c5-a64a-0ff32e296d9d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 847 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b65f3e2-f3c6-400e-b8ec-ec8a1307890a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=c5629886-e38d-46c5-a64a-0ff32e296d9d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 846 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b65f3e2-f3c6-400e-b8ec-ec8a1307890a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 845 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b65f3e2-f3c6-400e-b8ec-ec8a1307890a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 844 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b65f3e2-f3c6-400e-b8ec-ec8a1307890a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 843 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b65f3e2-f3c6-400e-b8ec-ec8a1307890a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 842 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b65f3e2-f3c6-400e-b8ec-ec8a1307890a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 841 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2b65f3e2-f3c6-400e-b8ec-ec8a1307890a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADIAMAAuADIANwAtADEANAA0ADgAMQA2ADkAOAA0ADYAMwA1ADEANwA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 840 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d24e265-ec71-4854-9824-d390b9e1577e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=37cf57f2-f8a8-400b-af15-0f2d40866ea3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 839 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bd0a3d7e-f280-4c53-9c1e-1d450329da2a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=96383816-9242-485d-b075-3890034d8ff6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 838 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bd0a3d7e-f280-4c53-9c1e-1d450329da2a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 837 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bd0a3d7e-f280-4c53-9c1e-1d450329da2a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 836 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bd0a3d7e-f280-4c53-9c1e-1d450329da2a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 835 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bd0a3d7e-f280-4c53-9c1e-1d450329da2a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 834 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bd0a3d7e-f280-4c53-9c1e-1d450329da2a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 833 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bd0a3d7e-f280-4c53-9c1e-1d450329da2a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 832 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bd0a3d7e-f280-4c53-9c1e-1d450329da2a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 831 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bd0a3d7e-f280-4c53-9c1e-1d450329da2a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 830 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d24e265-ec71-4854-9824-d390b9e1577e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=37cf57f2-f8a8-400b-af15-0f2d40866ea3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 829 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d24e265-ec71-4854-9824-d390b9e1577e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 828 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d24e265-ec71-4854-9824-d390b9e1577e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 827 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d24e265-ec71-4854-9824-d390b9e1577e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 826 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d24e265-ec71-4854-9824-d390b9e1577e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 825 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d24e265-ec71-4854-9824-d390b9e1577e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 824 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d24e265-ec71-4854-9824-d390b9e1577e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 823 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4104da1d-5810-44cf-92db-f1f5b8206218
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQB3AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AUQBBADAAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATwBRAEEANABBAEQAUQBBAE4AZwBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=7faa1e26-f335-4dc6-a41a-4cd489f70c0a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 822 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8eea143b-cb6e-4f48-af15-620c4a308af9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgAwAC4AMgA3AC0AMQA0ADQAOAAxADYAOQA4ADQANgAzADUAMQA3ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=ae707587-c3ae-4880-a043-65ae249318d2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 821 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8eea143b-cb6e-4f48-af15-620c4a308af9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgAwAC4AMgA3AC0AMQA0ADQAOAAxADYAOQA4ADQANgAzADUAMQA3ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=ae707587-c3ae-4880-a043-65ae249318d2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 820 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8eea143b-cb6e-4f48-af15-620c4a308af9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgAwAC4AMgA3AC0AMQA0ADQAOAAxADYAOQA4ADQANgAzADUAMQA3ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 819 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8eea143b-cb6e-4f48-af15-620c4a308af9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgAwAC4AMgA3AC0AMQA0ADQAOAAxADYAOQA4ADQANgAzADUAMQA3ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 818 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8eea143b-cb6e-4f48-af15-620c4a308af9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgAwAC4AMgA3AC0AMQA0ADQAOAAxADYAOQA4ADQANgAzADUAMQA3ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 817 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8eea143b-cb6e-4f48-af15-620c4a308af9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgAwAC4AMgA3AC0AMQA0ADQAOAAxADYAOQA4ADQANgAzADUAMQA3ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 816 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8eea143b-cb6e-4f48-af15-620c4a308af9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgAwAC4AMgA3AC0AMQA0ADQAOAAxADYAOQA4ADQANgAzADUAMQA3ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 815 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8eea143b-cb6e-4f48-af15-620c4a308af9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMgAwAC4AMgA3AC0AMQA0ADQAOAAxADYAOQA4ADQANgAzADUAMQA3ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 814 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4104da1d-5810-44cf-92db-f1f5b8206218
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQB3AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AUQBBADAAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATwBRAEEANABBAEQAUQBBAE4AZwBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=7faa1e26-f335-4dc6-a41a-4cd489f70c0a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 813 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4104da1d-5810-44cf-92db-f1f5b8206218
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQB3AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AUQBBADAAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATwBRAEEANABBAEQAUQBBAE4AZwBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 812 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4104da1d-5810-44cf-92db-f1f5b8206218
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQB3AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AUQBBADAAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATwBRAEEANABBAEQAUQBBAE4AZwBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 811 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4104da1d-5810-44cf-92db-f1f5b8206218
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQB3AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AUQBBADAAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATwBRAEEANABBAEQAUQBBAE4AZwBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 810 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4104da1d-5810-44cf-92db-f1f5b8206218
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQB3AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AUQBBADAAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATwBRAEEANABBAEQAUQBBAE4AZwBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 809 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4104da1d-5810-44cf-92db-f1f5b8206218
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQB3AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AUQBBADAAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATwBRAEEANABBAEQAUQBBAE4AZwBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 808 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4104da1d-5810-44cf-92db-f1f5b8206218
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAGcAQQB3AEEAQwA0AEEATQBnAEEAMwBBAEMAMABBAE0AUQBBADAAQQBEAFEAQQBPAEEAQQB4AEEARABZAEEATwBRAEEANABBAEQAUQBBAE4AZwBBAHoAQQBEAFUAQQBNAFEAQQAzAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 807 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc40ae10-0860-4466-b472-dcd42a5733f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATgBRAEEAdQBBAEQARQBBAE4AdwBBAHQAQQBEAEUAQQBOAGcAQQAzAEEARABBAEEATQBRAEEAMgBBAEQAVQBBAE0AQQBBADIAQQBEAFkAQQBNAGcAQQB5AEEARABBAEEATgBRAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=a1758baa-c3c1-409c-8baa-60c8b1f820c6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 806 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a49f8c-3915-4b25-b2da-946959792093
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=db43c58b-60c7-45a7-8306-f71eb955b3ee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 805 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a49f8c-3915-4b25-b2da-946959792093
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=db43c58b-60c7-45a7-8306-f71eb955b3ee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 804 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a49f8c-3915-4b25-b2da-946959792093
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 803 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a49f8c-3915-4b25-b2da-946959792093
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 802 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a49f8c-3915-4b25-b2da-946959792093
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 801 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a49f8c-3915-4b25-b2da-946959792093
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 800 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a49f8c-3915-4b25-b2da-946959792093
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 799 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a49f8c-3915-4b25-b2da-946959792093
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 798 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc40ae10-0860-4466-b472-dcd42a5733f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATgBRAEEAdQBBAEQARQBBAE4AdwBBAHQAQQBEAEUAQQBOAGcAQQAzAEEARABBAEEATQBRAEEAMgBBAEQAVQBBAE0AQQBBADIAQQBEAFkAQQBNAGcAQQB5AEEARABBAEEATgBRAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=a1758baa-c3c1-409c-8baa-60c8b1f820c6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 797 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc40ae10-0860-4466-b472-dcd42a5733f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATgBRAEEAdQBBAEQARQBBAE4AdwBBAHQAQQBEAEUAQQBOAGcAQQAzAEEARABBAEEATQBRAEEAMgBBAEQAVQBBAE0AQQBBADIAQQBEAFkAQQBNAGcAQQB5AEEARABBAEEATgBRAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 796 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc40ae10-0860-4466-b472-dcd42a5733f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATgBRAEEAdQBBAEQARQBBAE4AdwBBAHQAQQBEAEUAQQBOAGcAQQAzAEEARABBAEEATQBRAEEAMgBBAEQAVQBBAE0AQQBBADIAQQBEAFkAQQBNAGcAQQB5AEEARABBAEEATgBRAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 795 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc40ae10-0860-4466-b472-dcd42a5733f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATgBRAEEAdQBBAEQARQBBAE4AdwBBAHQAQQBEAEUAQQBOAGcAQQAzAEEARABBAEEATQBRAEEAMgBBAEQAVQBBAE0AQQBBADIAQQBEAFkAQQBNAGcAQQB5AEEARABBAEEATgBRAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 794 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc40ae10-0860-4466-b472-dcd42a5733f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATgBRAEEAdQBBAEQARQBBAE4AdwBBAHQAQQBEAEUAQQBOAGcAQQAzAEEARABBAEEATQBRAEEAMgBBAEQAVQBBAE0AQQBBADIAQQBEAFkAQQBNAGcAQQB5AEEARABBAEEATgBRAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 793 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc40ae10-0860-4466-b472-dcd42a5733f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATgBRAEEAdQBBAEQARQBBAE4AdwBBAHQAQQBEAEUAQQBOAGcAQQAzAEEARABBAEEATQBRAEEAMgBBAEQAVQBBAE0AQQBBADIAQQBEAFkAQQBNAGcAQQB5AEEARABBAEEATgBRAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 792 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc40ae10-0860-4466-b472-dcd42a5733f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATgBRAEEAdQBBAEQARQBBAE4AdwBBAHQAQQBEAEUAQQBOAGcAQQAzAEEARABBAEEATQBRAEEAMgBBAEQAVQBBAE0AQQBBADIAQQBEAFkAQQBNAGcAQQB5AEEARABBAEEATgBRAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 791 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c48966ce-00bb-4ab8-ac24-427326cb47a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dae78024-14c7-4a94-be99-73f6910f0882
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 790 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=516e32fc-02c4-4adb-8074-0cde422c4d94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a0722063-df16-4739-ad6a-2e01ecc12b19
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 789 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=516e32fc-02c4-4adb-8074-0cde422c4d94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 788 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=516e32fc-02c4-4adb-8074-0cde422c4d94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 787 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=516e32fc-02c4-4adb-8074-0cde422c4d94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 786 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=516e32fc-02c4-4adb-8074-0cde422c4d94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 785 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=516e32fc-02c4-4adb-8074-0cde422c4d94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 784 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=516e32fc-02c4-4adb-8074-0cde422c4d94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 783 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=516e32fc-02c4-4adb-8074-0cde422c4d94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 782 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=516e32fc-02c4-4adb-8074-0cde422c4d94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 781 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c48966ce-00bb-4ab8-ac24-427326cb47a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dae78024-14c7-4a94-be99-73f6910f0882
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 780 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c48966ce-00bb-4ab8-ac24-427326cb47a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 779 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c48966ce-00bb-4ab8-ac24-427326cb47a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 778 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c48966ce-00bb-4ab8-ac24-427326cb47a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 777 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c48966ce-00bb-4ab8-ac24-427326cb47a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 776 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c48966ce-00bb-4ab8-ac24-427326cb47a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 775 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c48966ce-00bb-4ab8-ac24-427326cb47a3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 774 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb1dcfd7-43d3-4f4e-8152-07251b2c4fb4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=29c58de9-bf21-4d54-9486-62653048ebce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 773 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb1dcfd7-43d3-4f4e-8152-07251b2c4fb4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=29c58de9-bf21-4d54-9486-62653048ebce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 772 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb1dcfd7-43d3-4f4e-8152-07251b2c4fb4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 771 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb1dcfd7-43d3-4f4e-8152-07251b2c4fb4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 770 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb1dcfd7-43d3-4f4e-8152-07251b2c4fb4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 769 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb1dcfd7-43d3-4f4e-8152-07251b2c4fb4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 768 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb1dcfd7-43d3-4f4e-8152-07251b2c4fb4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 767 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb1dcfd7-43d3-4f4e-8152-07251b2c4fb4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEANQAuADEANwAtADEANgA3ADAAMQA2ADUAMAA2ADYAMgAyADAANQA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 766 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9acfaf91-6861-49c5-ae98-935c0e925ea2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d2b56d4e-b38b-4c88-bb44-2ca816520fbd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 765 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd6f15fa-b6a8-4150-8fe6-b85c7f35a7bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bfad74b4-cc88-4188-85b2-0f2a53de627b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 764 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd6f15fa-b6a8-4150-8fe6-b85c7f35a7bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 763 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd6f15fa-b6a8-4150-8fe6-b85c7f35a7bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 762 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd6f15fa-b6a8-4150-8fe6-b85c7f35a7bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 761 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd6f15fa-b6a8-4150-8fe6-b85c7f35a7bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 760 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd6f15fa-b6a8-4150-8fe6-b85c7f35a7bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 759 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd6f15fa-b6a8-4150-8fe6-b85c7f35a7bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 758 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd6f15fa-b6a8-4150-8fe6-b85c7f35a7bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 757 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd6f15fa-b6a8-4150-8fe6-b85c7f35a7bb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 756 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9acfaf91-6861-49c5-ae98-935c0e925ea2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d2b56d4e-b38b-4c88-bb44-2ca816520fbd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 755 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9acfaf91-6861-49c5-ae98-935c0e925ea2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 754 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9acfaf91-6861-49c5-ae98-935c0e925ea2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 753 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9acfaf91-6861-49c5-ae98-935c0e925ea2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 752 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9acfaf91-6861-49c5-ae98-935c0e925ea2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 751 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9acfaf91-6861-49c5-ae98-935c0e925ea2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 750 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9acfaf91-6861-49c5-ae98-935c0e925ea2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 749 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fa8cbb05-e90d-4ce5-a1dd-eacf61e6cb95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEMAMABBAE0AUQBBADIAQQBEAGMAQQBNAEEAQQB4AEEARABZAEEATgBRAEEAdwBBAEQAWQBBAE4AZwBBAHkAQQBEAEkAQQBNAEEAQQAxAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=417e602d-fffa-4d31-9f9c-422ecd30f5ae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 748 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04ed8334-f241-45fd-9db2-829c2616cbad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQA1AC4AMQA3AC0AMQA2ADcAMAAxADYANQAwADYANgAyADIAMAA1ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=7b615a6a-63b9-4713-adc0-f61ecc0afed0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 747 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04ed8334-f241-45fd-9db2-829c2616cbad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQA1AC4AMQA3AC0AMQA2ADcAMAAxADYANQAwADYANgAyADIAMAA1ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=7b615a6a-63b9-4713-adc0-f61ecc0afed0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 746 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04ed8334-f241-45fd-9db2-829c2616cbad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQA1AC4AMQA3AC0AMQA2ADcAMAAxADYANQAwADYANgAyADIAMAA1ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 745 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04ed8334-f241-45fd-9db2-829c2616cbad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQA1AC4AMQA3AC0AMQA2ADcAMAAxADYANQAwADYANgAyADIAMAA1ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 744 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04ed8334-f241-45fd-9db2-829c2616cbad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQA1AC4AMQA3AC0AMQA2ADcAMAAxADYANQAwADYANgAyADIAMAA1ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 743 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04ed8334-f241-45fd-9db2-829c2616cbad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQA1AC4AMQA3AC0AMQA2ADcAMAAxADYANQAwADYANgAyADIAMAA1ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 742 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04ed8334-f241-45fd-9db2-829c2616cbad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQA1AC4AMQA3AC0AMQA2ADcAMAAxADYANQAwADYANgAyADIAMAA1ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 741 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04ed8334-f241-45fd-9db2-829c2616cbad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQA1AC4AMQA3AC0AMQA2ADcAMAAxADYANQAwADYANgAyADIAMAA1ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 740 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fa8cbb05-e90d-4ce5-a1dd-eacf61e6cb95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEMAMABBAE0AUQBBADIAQQBEAGMAQQBNAEEAQQB4AEEARABZAEEATgBRAEEAdwBBAEQAWQBBAE4AZwBBAHkAQQBEAEkAQQBNAEEAQQAxAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=417e602d-fffa-4d31-9f9c-422ecd30f5ae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 739 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fa8cbb05-e90d-4ce5-a1dd-eacf61e6cb95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEMAMABBAE0AUQBBADIAQQBEAGMAQQBNAEEAQQB4AEEARABZAEEATgBRAEEAdwBBAEQAWQBBAE4AZwBBAHkAQQBEAEkAQQBNAEEAQQAxAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 738 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fa8cbb05-e90d-4ce5-a1dd-eacf61e6cb95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEMAMABBAE0AUQBBADIAQQBEAGMAQQBNAEEAQQB4AEEARABZAEEATgBRAEEAdwBBAEQAWQBBAE4AZwBBAHkAQQBEAEkAQQBNAEEAQQAxAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 737 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fa8cbb05-e90d-4ce5-a1dd-eacf61e6cb95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEMAMABBAE0AUQBBADIAQQBEAGMAQQBNAEEAQQB4AEEARABZAEEATgBRAEEAdwBBAEQAWQBBAE4AZwBBAHkAQQBEAEkAQQBNAEEAQQAxAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 736 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fa8cbb05-e90d-4ce5-a1dd-eacf61e6cb95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEMAMABBAE0AUQBBADIAQQBEAGMAQQBNAEEAQQB4AEEARABZAEEATgBRAEEAdwBBAEQAWQBBAE4AZwBBAHkAQQBEAEkAQQBNAEEAQQAxAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 735 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fa8cbb05-e90d-4ce5-a1dd-eacf61e6cb95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEMAMABBAE0AUQBBADIAQQBEAGMAQQBNAEEAQQB4AEEARABZAEEATgBRAEEAdwBBAEQAWQBBAE4AZwBBAHkAQQBEAEkAQQBNAEEAQQAxAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 734 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fa8cbb05-e90d-4ce5-a1dd-eacf61e6cb95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQAxAEEAQwA0AEEATQBRAEEAMwBBAEMAMABBAE0AUQBBADIAQQBEAGMAQQBNAEEAQQB4AEEARABZAEEATgBRAEEAdwBBAEQAWQBBAE4AZwBBAHkAQQBEAEkAQQBNAEEAQQAxAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 733 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9fa28aa-500f-47eb-a046-46aefca6a93a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATQBBAEEAdQBBAEQAQQBBAE4AUQBBAHQAQQBEAEUAQQBPAEEAQQB6AEEARABNAEEATQBnAEEAMgBBAEQAZwBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABVAEEATgBnAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=86f7cfe0-9bbb-4a7b-9791-af71a73aaf8f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 732 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc6e308e-1909-4bda-8c96-3e7ef0b9262e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=7a0cb570-e33f-4169-9259-d68d3eb29ab4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 731 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc6e308e-1909-4bda-8c96-3e7ef0b9262e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=7a0cb570-e33f-4169-9259-d68d3eb29ab4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 730 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc6e308e-1909-4bda-8c96-3e7ef0b9262e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 729 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc6e308e-1909-4bda-8c96-3e7ef0b9262e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 728 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc6e308e-1909-4bda-8c96-3e7ef0b9262e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 727 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc6e308e-1909-4bda-8c96-3e7ef0b9262e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 726 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc6e308e-1909-4bda-8c96-3e7ef0b9262e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 725 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bc6e308e-1909-4bda-8c96-3e7ef0b9262e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 724 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9fa28aa-500f-47eb-a046-46aefca6a93a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATQBBAEEAdQBBAEQAQQBBAE4AUQBBAHQAQQBEAEUAQQBPAEEAQQB6AEEARABNAEEATQBnAEEAMgBBAEQAZwBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABVAEEATgBnAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=86f7cfe0-9bbb-4a7b-9791-af71a73aaf8f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 723 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9fa28aa-500f-47eb-a046-46aefca6a93a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATQBBAEEAdQBBAEQAQQBBAE4AUQBBAHQAQQBEAEUAQQBPAEEAQQB6AEEARABNAEEATQBnAEEAMgBBAEQAZwBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABVAEEATgBnAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 722 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9fa28aa-500f-47eb-a046-46aefca6a93a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATQBBAEEAdQBBAEQAQQBBAE4AUQBBAHQAQQBEAEUAQQBPAEEAQQB6AEEARABNAEEATQBnAEEAMgBBAEQAZwBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABVAEEATgBnAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 721 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9fa28aa-500f-47eb-a046-46aefca6a93a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATQBBAEEAdQBBAEQAQQBBAE4AUQBBAHQAQQBEAEUAQQBPAEEAQQB6AEEARABNAEEATQBnAEEAMgBBAEQAZwBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABVAEEATgBnAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 720 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9fa28aa-500f-47eb-a046-46aefca6a93a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATQBBAEEAdQBBAEQAQQBBAE4AUQBBAHQAQQBEAEUAQQBPAEEAQQB6AEEARABNAEEATQBnAEEAMgBBAEQAZwBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABVAEEATgBnAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 719 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9fa28aa-500f-47eb-a046-46aefca6a93a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATQBBAEEAdQBBAEQAQQBBAE4AUQBBAHQAQQBEAEUAQQBPAEEAQQB6AEEARABNAEEATQBnAEEAMgBBAEQAZwBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABVAEEATgBnAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 718 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9fa28aa-500f-47eb-a046-46aefca6a93a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABFAEEATQBBAEEAdQBBAEQAQQBBAE4AUQBBAHQAQQBEAEUAQQBPAEEAQQB6AEEARABNAEEATQBnAEEAMgBBAEQAZwBBAE8AQQBBAHcAQQBEAFEAQQBPAFEAQQB3AEEARABVAEEATgBnAEEANQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 717 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bca6f942-b17a-457b-81c8-86dc51ead2e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f416f071-3259-4af2-8adc-fc44ee6934cb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 716 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32040804-5da7-4f55-a510-0c55beea965b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e9ccf1d1-b1b4-4747-9eee-70fb670049b9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 715 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32040804-5da7-4f55-a510-0c55beea965b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 714 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32040804-5da7-4f55-a510-0c55beea965b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 713 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32040804-5da7-4f55-a510-0c55beea965b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 712 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32040804-5da7-4f55-a510-0c55beea965b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 711 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32040804-5da7-4f55-a510-0c55beea965b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 710 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32040804-5da7-4f55-a510-0c55beea965b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 709 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32040804-5da7-4f55-a510-0c55beea965b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 708 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=32040804-5da7-4f55-a510-0c55beea965b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 707 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bca6f942-b17a-457b-81c8-86dc51ead2e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f416f071-3259-4af2-8adc-fc44ee6934cb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 706 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bca6f942-b17a-457b-81c8-86dc51ead2e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 705 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bca6f942-b17a-457b-81c8-86dc51ead2e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 704 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bca6f942-b17a-457b-81c8-86dc51ead2e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 703 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bca6f942-b17a-457b-81c8-86dc51ead2e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 702 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bca6f942-b17a-457b-81c8-86dc51ead2e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 701 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bca6f942-b17a-457b-81c8-86dc51ead2e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 700 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00d1dac4-e5bc-461f-af38-facb93af21d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=725304e3-9ffe-4ee6-ba8c-e9c2e73154aa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 699 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00d1dac4-e5bc-461f-af38-facb93af21d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=725304e3-9ffe-4ee6-ba8c-e9c2e73154aa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 698 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00d1dac4-e5bc-461f-af38-facb93af21d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 697 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00d1dac4-e5bc-461f-af38-facb93af21d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 696 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00d1dac4-e5bc-461f-af38-facb93af21d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 695 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00d1dac4-e5bc-461f-af38-facb93af21d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 694 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00d1dac4-e5bc-461f-af38-facb93af21d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 693 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=00d1dac4-e5bc-461f-af38-facb93af21d4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADEAMAAuADAANQAtADEAOAAzADMAMgA2ADgAOAAwADQAOQAwADUANgA5AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 692 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11c667b3-302a-45ef-b3c8-49b227e0cce6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2acfe433-682e-4c74-8d69-ba3f5f818997
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 691 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63cb1682-235a-43bc-b6c2-37bd180a3557
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=36ce985f-c4cc-4c2f-941e-7c2cb8cf6791
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 690 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63cb1682-235a-43bc-b6c2-37bd180a3557
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 689 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63cb1682-235a-43bc-b6c2-37bd180a3557
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 688 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63cb1682-235a-43bc-b6c2-37bd180a3557
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 687 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63cb1682-235a-43bc-b6c2-37bd180a3557
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 686 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63cb1682-235a-43bc-b6c2-37bd180a3557
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 685 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63cb1682-235a-43bc-b6c2-37bd180a3557
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 684 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63cb1682-235a-43bc-b6c2-37bd180a3557
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 683 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=63cb1682-235a-43bc-b6c2-37bd180a3557
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 682 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11c667b3-302a-45ef-b3c8-49b227e0cce6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2acfe433-682e-4c74-8d69-ba3f5f818997
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 681 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11c667b3-302a-45ef-b3c8-49b227e0cce6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 680 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11c667b3-302a-45ef-b3c8-49b227e0cce6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 679 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11c667b3-302a-45ef-b3c8-49b227e0cce6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 678 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11c667b3-302a-45ef-b3c8-49b227e0cce6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 677 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11c667b3-302a-45ef-b3c8-49b227e0cce6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 676 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11c667b3-302a-45ef-b3c8-49b227e0cce6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 675 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf68ac78-9eec-4900-83c6-56a9cf99b8b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQB3AEEAQwA0AEEATQBBAEEAMQBBAEMAMABBAE0AUQBBADQAQQBEAE0AQQBNAHcAQQB5AEEARABZAEEATwBBAEEANABBAEQAQQBBAE4AQQBBADUAQQBEAEEAQQBOAFEAQQAyAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=9f009b5f-9af5-4536-b560-ecc2b1476e08
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 674 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bb6ddd6-4d18-495d-a599-2985ca2e84b1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQAwAC4AMAA1AC0AMQA4ADMAMwAyADYAOAA4ADAANAA5ADAANQA2ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=14f7ae19-9c69-4965-b390-83d68e9ef241
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 673 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bb6ddd6-4d18-495d-a599-2985ca2e84b1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQAwAC4AMAA1AC0AMQA4ADMAMwAyADYAOAA4ADAANAA5ADAANQA2ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=14f7ae19-9c69-4965-b390-83d68e9ef241
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 672 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bb6ddd6-4d18-495d-a599-2985ca2e84b1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQAwAC4AMAA1AC0AMQA4ADMAMwAyADYAOAA4ADAANAA5ADAANQA2ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 671 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bb6ddd6-4d18-495d-a599-2985ca2e84b1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQAwAC4AMAA1AC0AMQA4ADMAMwAyADYAOAA4ADAANAA5ADAANQA2ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 670 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bb6ddd6-4d18-495d-a599-2985ca2e84b1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQAwAC4AMAA1AC0AMQA4ADMAMwAyADYAOAA4ADAANAA5ADAANQA2ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 669 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bb6ddd6-4d18-495d-a599-2985ca2e84b1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQAwAC4AMAA1AC0AMQA4ADMAMwAyADYAOAA4ADAANAA5ADAANQA2ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 668 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bb6ddd6-4d18-495d-a599-2985ca2e84b1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQAwAC4AMAA1AC0AMQA4ADMAMwAyADYAOAA4ADAANAA5ADAANQA2ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 667 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8bb6ddd6-4d18-495d-a599-2985ca2e84b1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMQAwAC4AMAA1AC0AMQA4ADMAMwAyADYAOAA4ADAANAA5ADAANQA2ADkAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 666 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf68ac78-9eec-4900-83c6-56a9cf99b8b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQB3AEEAQwA0AEEATQBBAEEAMQBBAEMAMABBAE0AUQBBADQAQQBEAE0AQQBNAHcAQQB5AEEARABZAEEATwBBAEEANABBAEQAQQBBAE4AQQBBADUAQQBEAEEAQQBOAFEAQQAyAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=9f009b5f-9af5-4536-b560-ecc2b1476e08
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 665 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf68ac78-9eec-4900-83c6-56a9cf99b8b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQB3AEEAQwA0AEEATQBBAEEAMQBBAEMAMABBAE0AUQBBADQAQQBEAE0AQQBNAHcAQQB5AEEARABZAEEATwBBAEEANABBAEQAQQBBAE4AQQBBADUAQQBEAEEAQQBOAFEAQQAyAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 664 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf68ac78-9eec-4900-83c6-56a9cf99b8b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQB3AEEAQwA0AEEATQBBAEEAMQBBAEMAMABBAE0AUQBBADQAQQBEAE0AQQBNAHcAQQB5AEEARABZAEEATwBBAEEANABBAEQAQQBBAE4AQQBBADUAQQBEAEEAQQBOAFEAQQAyAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 663 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf68ac78-9eec-4900-83c6-56a9cf99b8b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQB3AEEAQwA0AEEATQBBAEEAMQBBAEMAMABBAE0AUQBBADQAQQBEAE0AQQBNAHcAQQB5AEEARABZAEEATwBBAEEANABBAEQAQQBBAE4AQQBBADUAQQBEAEEAQQBOAFEAQQAyAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 662 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf68ac78-9eec-4900-83c6-56a9cf99b8b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQB3AEEAQwA0AEEATQBBAEEAMQBBAEMAMABBAE0AUQBBADQAQQBEAE0AQQBNAHcAQQB5AEEARABZAEEATwBBAEEANABBAEQAQQBBAE4AQQBBADUAQQBEAEEAQQBOAFEAQQAyAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 661 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf68ac78-9eec-4900-83c6-56a9cf99b8b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQB3AEEAQwA0AEEATQBBAEEAMQBBAEMAMABBAE0AUQBBADQAQQBEAE0AQQBNAHcAQQB5AEEARABZAEEATwBBAEEANABBAEQAQQBBAE4AQQBBADUAQQBEAEEAQQBOAFEAQQAyAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 660 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf68ac78-9eec-4900-83c6-56a9cf99b8b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAFEAQQB3AEEAQwA0AEEATQBBAEEAMQBBAEMAMABBAE0AUQBBADQAQQBEAE0AQQBNAHcAQQB5AEEARABZAEEATwBBAEEANABBAEQAQQBBAE4AQQBBADUAQQBEAEEAQQBOAFEAQQAyAEEARABrAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 659 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac92d073-8227-4726-a928-95572e167e56
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABBAEEATgBBAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABFAEEATQB3AEEAeQBBAEQAQQBBAE4AQQBBADIAQQBEAEkAQQBPAFEAQQB5AEEARABJAEEATQB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=67d21c89-7cfc-43e7-94e2-4c46e0d5abaa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 658 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ddeb57c-1564-4551-974a-186757416423
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=35164fcd-898b-4ee2-92da-92b2214971ee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 657 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ddeb57c-1564-4551-974a-186757416423
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=35164fcd-898b-4ee2-92da-92b2214971ee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 656 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ddeb57c-1564-4551-974a-186757416423
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 655 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ddeb57c-1564-4551-974a-186757416423
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 654 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ddeb57c-1564-4551-974a-186757416423
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 653 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ddeb57c-1564-4551-974a-186757416423
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 652 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ddeb57c-1564-4551-974a-186757416423
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 651 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4ddeb57c-1564-4551-974a-186757416423
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 650 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac92d073-8227-4726-a928-95572e167e56
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABBAEEATgBBAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABFAEEATQB3AEEAeQBBAEQAQQBBAE4AQQBBADIAQQBEAEkAQQBPAFEAQQB5AEEARABJAEEATQB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=67d21c89-7cfc-43e7-94e2-4c46e0d5abaa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 649 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac92d073-8227-4726-a928-95572e167e56
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABBAEEATgBBAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABFAEEATQB3AEEAeQBBAEQAQQBBAE4AQQBBADIAQQBEAEkAQQBPAFEAQQB5AEEARABJAEEATQB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 648 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac92d073-8227-4726-a928-95572e167e56
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABBAEEATgBBAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABFAEEATQB3AEEAeQBBAEQAQQBBAE4AQQBBADIAQQBEAEkAQQBPAFEAQQB5AEEARABJAEEATQB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 647 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac92d073-8227-4726-a928-95572e167e56
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABBAEEATgBBAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABFAEEATQB3AEEAeQBBAEQAQQBBAE4AQQBBADIAQQBEAEkAQQBPAFEAQQB5AEEARABJAEEATQB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 646 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac92d073-8227-4726-a928-95572e167e56
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABBAEEATgBBAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABFAEEATQB3AEEAeQBBAEQAQQBBAE4AQQBBADIAQQBEAEkAQQBPAFEAQQB5AEEARABJAEEATQB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 645 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac92d073-8227-4726-a928-95572e167e56
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABBAEEATgBBAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABFAEEATQB3AEEAeQBBAEQAQQBBAE4AQQBBADIAQQBEAEkAQQBPAFEAQQB5AEEARABJAEEATQB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 644 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac92d073-8227-4726-a928-95572e167e56
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQASQBBAE4AZwBBAHkAQQBEAFkAQQBNAFEAQQB3AEEARABBAEEATgBBAEEAdQBBAEQAWQBBAE0AdwBBAHQAQQBEAEkAQQBNAFEAQQAyAEEARABFAEEATQB3AEEAeQBBAEQAQQBBAE4AQQBBADIAQQBEAEkAQQBPAFEAQQB5AEEARABJAEEATQB3AEEAMQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 643 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f10d8fd-b60d-4c57-8d4b-6b7bebf7d935
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=11ed6d3d-4b74-4fd2-82a9-a8d347d1638b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 642 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4026db00-9837-46d1-b3df-50bbeb265cbd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=015e6e75-62f8-496a-ba8a-17e102746d8a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 641 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4026db00-9837-46d1-b3df-50bbeb265cbd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 640 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4026db00-9837-46d1-b3df-50bbeb265cbd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 639 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4026db00-9837-46d1-b3df-50bbeb265cbd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 638 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4026db00-9837-46d1-b3df-50bbeb265cbd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 637 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4026db00-9837-46d1-b3df-50bbeb265cbd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 636 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4026db00-9837-46d1-b3df-50bbeb265cbd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 635 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4026db00-9837-46d1-b3df-50bbeb265cbd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 634 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4026db00-9837-46d1-b3df-50bbeb265cbd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 633 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f10d8fd-b60d-4c57-8d4b-6b7bebf7d935
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=11ed6d3d-4b74-4fd2-82a9-a8d347d1638b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 632 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f10d8fd-b60d-4c57-8d4b-6b7bebf7d935
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 631 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f10d8fd-b60d-4c57-8d4b-6b7bebf7d935
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 630 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f10d8fd-b60d-4c57-8d4b-6b7bebf7d935
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 629 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f10d8fd-b60d-4c57-8d4b-6b7bebf7d935
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 628 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f10d8fd-b60d-4c57-8d4b-6b7bebf7d935
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 627 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f10d8fd-b60d-4c57-8d4b-6b7bebf7d935
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 626 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:08 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb47516a-8e2e-4890-87eb-2f8f655af321
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=645f38d3-f3fb-4c67-8c5f-0056a72c9ff6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 625 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb47516a-8e2e-4890-87eb-2f8f655af321
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=645f38d3-f3fb-4c67-8c5f-0056a72c9ff6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 624 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb47516a-8e2e-4890-87eb-2f8f655af321
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 623 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb47516a-8e2e-4890-87eb-2f8f655af321
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 622 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb47516a-8e2e-4890-87eb-2f8f655af321
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 621 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb47516a-8e2e-4890-87eb-2f8f655af321
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 620 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb47516a-8e2e-4890-87eb-2f8f655af321
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 619 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=eb47516a-8e2e-4890-87eb-2f8f655af321
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADIANgAyADYAMQAwADAANAAuADYAMwAtADIAMQA2ADEAMwAyADAANAA2ADIAOQAyADIAMwA1AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 618 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca1f2044-a224-4e11-83c9-4e7899a1a6b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4e3b80a3-cac3-4ff2-a694-d036248ea9f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 617 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad3aaf1c-3046-4b52-a03c-40481c71e8a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8d579148-e283-47c8-9299-b2e8d780e64e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 616 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad3aaf1c-3046-4b52-a03c-40481c71e8a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 615 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad3aaf1c-3046-4b52-a03c-40481c71e8a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 614 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad3aaf1c-3046-4b52-a03c-40481c71e8a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 613 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad3aaf1c-3046-4b52-a03c-40481c71e8a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 612 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad3aaf1c-3046-4b52-a03c-40481c71e8a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 611 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad3aaf1c-3046-4b52-a03c-40481c71e8a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 610 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad3aaf1c-3046-4b52-a03c-40481c71e8a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 609 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=ad3aaf1c-3046-4b52-a03c-40481c71e8a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 608 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca1f2044-a224-4e11-83c9-4e7899a1a6b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4e3b80a3-cac3-4ff2-a694-d036248ea9f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 607 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca1f2044-a224-4e11-83c9-4e7899a1a6b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 606 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca1f2044-a224-4e11-83c9-4e7899a1a6b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 605 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca1f2044-a224-4e11-83c9-4e7899a1a6b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 604 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca1f2044-a224-4e11-83c9-4e7899a1a6b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 603 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca1f2044-a224-4e11-83c9-4e7899a1a6b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 602 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca1f2044-a224-4e11-83c9-4e7899a1a6b9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 601 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=244f3873-29d6-4b49-a596-7eee6e9fac6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAEEAQQAwAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBBAEEAMABBAEQAWQBBAE0AZwBBADUAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=1f5a2cf9-d987-44b2-84ad-198bbd6e8485
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 600 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8876abbe-145b-41e8-8726-37b4bb83a437
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMAA0AC4ANgAzAC0AMgAxADYAMQAzADIAMAA0ADYAMgA5ADIAMgAzADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=53adfea4-cd38-449c-abfb-0289b065bfe4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 599 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8876abbe-145b-41e8-8726-37b4bb83a437
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMAA0AC4ANgAzAC0AMgAxADYAMQAzADIAMAA0ADYAMgA5ADIAMgAzADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=53adfea4-cd38-449c-abfb-0289b065bfe4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 598 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8876abbe-145b-41e8-8726-37b4bb83a437
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMAA0AC4ANgAzAC0AMgAxADYAMQAzADIAMAA0ADYAMgA5ADIAMgAzADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 597 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8876abbe-145b-41e8-8726-37b4bb83a437
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMAA0AC4ANgAzAC0AMgAxADYAMQAzADIAMAA0ADYAMgA5ADIAMgAzADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 596 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8876abbe-145b-41e8-8726-37b4bb83a437
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMAA0AC4ANgAzAC0AMgAxADYAMQAzADIAMAA0ADYAMgA5ADIAMgAzADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 595 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8876abbe-145b-41e8-8726-37b4bb83a437
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMAA0AC4ANgAzAC0AMgAxADYAMQAzADIAMAA0ADYAMgA5ADIAMgAzADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 594 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8876abbe-145b-41e8-8726-37b4bb83a437
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMAA0AC4ANgAzAC0AMgAxADYAMQAzADIAMAA0ADYAMgA5ADIAMgAzADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 593 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8876abbe-145b-41e8-8726-37b4bb83a437
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMgA2ADIANgAxADAAMAA0AC4ANgAzAC0AMgAxADYAMQAzADIAMAA0ADYAMgA5ADIAMgAzADUAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 592 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=244f3873-29d6-4b49-a596-7eee6e9fac6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAEEAQQAwAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBBAEEAMABBAEQAWQBBAE0AZwBBADUAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=1f5a2cf9-d987-44b2-84ad-198bbd6e8485
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 591 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=244f3873-29d6-4b49-a596-7eee6e9fac6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAEEAQQAwAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBBAEEAMABBAEQAWQBBAE0AZwBBADUAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 590 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=244f3873-29d6-4b49-a596-7eee6e9fac6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAEEAQQAwAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBBAEEAMABBAEQAWQBBAE0AZwBBADUAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 589 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=244f3873-29d6-4b49-a596-7eee6e9fac6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAEEAQQAwAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBBAEEAMABBAEQAWQBBAE0AZwBBADUAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 588 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=244f3873-29d6-4b49-a596-7eee6e9fac6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAEEAQQAwAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBBAEEAMABBAEQAWQBBAE0AZwBBADUAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 587 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=244f3873-29d6-4b49-a596-7eee6e9fac6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAEEAQQAwAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBBAEEAMABBAEQAWQBBAE0AZwBBADUAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 586 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=244f3873-29d6-4b49-a596-7eee6e9fac6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBnAEEAMgBBAEQASQBBAE4AZwBBAHgAQQBEAEEAQQBNAEEAQQAwAEEAQwA0AEEATgBnAEEAegBBAEMAMABBAE0AZwBBAHgAQQBEAFkAQQBNAFEAQQB6AEEARABJAEEATQBBAEEAMABBAEQAWQBBAE0AZwBBADUAQQBEAEkAQQBNAGcAQQB6AEEARABVAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 585 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0010a256-6896-4a61-a23f-ee546892d5f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e41b9e02-004f-429b-95e8-6bcdac70a01c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 584 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:04 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=053e2c15-5337-4757-af60-d697c6f3c92f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3b098b88-30c9-4074-a936-6beb7d157241
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 583 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=053e2c15-5337-4757-af60-d697c6f3c92f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 582 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=053e2c15-5337-4757-af60-d697c6f3c92f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 581 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=053e2c15-5337-4757-af60-d697c6f3c92f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 580 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=053e2c15-5337-4757-af60-d697c6f3c92f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 579 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=053e2c15-5337-4757-af60-d697c6f3c92f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 578 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=053e2c15-5337-4757-af60-d697c6f3c92f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 577 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=053e2c15-5337-4757-af60-d697c6f3c92f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 576 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=053e2c15-5337-4757-af60-d697c6f3c92f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 575 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0010a256-6896-4a61-a23f-ee546892d5f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e41b9e02-004f-429b-95e8-6bcdac70a01c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 574 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0010a256-6896-4a61-a23f-ee546892d5f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 573 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0010a256-6896-4a61-a23f-ee546892d5f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 572 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0010a256-6896-4a61-a23f-ee546892d5f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 571 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0010a256-6896-4a61-a23f-ee546892d5f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 570 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0010a256-6896-4a61-a23f-ee546892d5f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 569 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0010a256-6896-4a61-a23f-ee546892d5f4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 568 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2dded3e5-d8d9-4b2b-be38-8af3132b0e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cac906b8-fe55-48e7-a30e-50e80508ebc0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 567 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fe8714-ec3f-4a0f-8c84-55777a2ec5c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7fe9935a-33e2-4342-bb10-73d97a9599a1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 566 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fe8714-ec3f-4a0f-8c84-55777a2ec5c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 565 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fe8714-ec3f-4a0f-8c84-55777a2ec5c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 564 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fe8714-ec3f-4a0f-8c84-55777a2ec5c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 563 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fe8714-ec3f-4a0f-8c84-55777a2ec5c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 562 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fe8714-ec3f-4a0f-8c84-55777a2ec5c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 561 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fe8714-ec3f-4a0f-8c84-55777a2ec5c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 560 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fe8714-ec3f-4a0f-8c84-55777a2ec5c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 559 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=99fe8714-ec3f-4a0f-8c84-55777a2ec5c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 558 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:02 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2dded3e5-d8d9-4b2b-be38-8af3132b0e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cac906b8-fe55-48e7-a30e-50e80508ebc0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 557 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2dded3e5-d8d9-4b2b-be38-8af3132b0e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 556 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2dded3e5-d8d9-4b2b-be38-8af3132b0e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 555 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2dded3e5-d8d9-4b2b-be38-8af3132b0e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 554 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2dded3e5-d8d9-4b2b-be38-8af3132b0e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 553 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2dded3e5-d8d9-4b2b-be38-8af3132b0e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 552 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2dded3e5-d8d9-4b2b-be38-8af3132b0e3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 551 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:01 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f5c889e-f77b-4c5a-a554-41ae78406f94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=07dcff96-c5ba-4b59-942d-39d7701c9ae3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 550 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d784d8f-47cc-4ef1-851d-6e851bb98420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43dc2253-a7f0-40f4-8e3e-ef9b8c385083
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 549 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d784d8f-47cc-4ef1-851d-6e851bb98420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43dc2253-a7f0-40f4-8e3e-ef9b8c385083
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 548 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d784d8f-47cc-4ef1-851d-6e851bb98420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 547 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d784d8f-47cc-4ef1-851d-6e851bb98420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 546 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d784d8f-47cc-4ef1-851d-6e851bb98420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 545 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d784d8f-47cc-4ef1-851d-6e851bb98420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 544 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d784d8f-47cc-4ef1-851d-6e851bb98420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 543 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d784d8f-47cc-4ef1-851d-6e851bb98420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 542 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d784d8f-47cc-4ef1-851d-6e851bb98420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 541 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2d784d8f-47cc-4ef1-851d-6e851bb98420
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 540 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:10:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f5c889e-f77b-4c5a-a554-41ae78406f94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=07dcff96-c5ba-4b59-942d-39d7701c9ae3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 539 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f5c889e-f77b-4c5a-a554-41ae78406f94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 538 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f5c889e-f77b-4c5a-a554-41ae78406f94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 537 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f5c889e-f77b-4c5a-a554-41ae78406f94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 536 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f5c889e-f77b-4c5a-a554-41ae78406f94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 535 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f5c889e-f77b-4c5a-a554-41ae78406f94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 534 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9f5c889e-f77b-4c5a-a554-41ae78406f94
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 533 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:59 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d1b11e5-e488-4fff-a8c2-26b9b2a4173f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=12816eb0-a79e-4d4f-b866-f377307be47a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 532 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=33cf4741-c405-4460-8f66-3f0ebb6798ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4c7a9d82-b60e-4d1c-93e2-7745bcd1356b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 531 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=33cf4741-c405-4460-8f66-3f0ebb6798ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 530 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=33cf4741-c405-4460-8f66-3f0ebb6798ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 529 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=33cf4741-c405-4460-8f66-3f0ebb6798ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 528 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=33cf4741-c405-4460-8f66-3f0ebb6798ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 527 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=33cf4741-c405-4460-8f66-3f0ebb6798ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 526 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=33cf4741-c405-4460-8f66-3f0ebb6798ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 525 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=33cf4741-c405-4460-8f66-3f0ebb6798ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 524 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=33cf4741-c405-4460-8f66-3f0ebb6798ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 523 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:58 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d1b11e5-e488-4fff-a8c2-26b9b2a4173f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=12816eb0-a79e-4d4f-b866-f377307be47a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 522 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d1b11e5-e488-4fff-a8c2-26b9b2a4173f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 521 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d1b11e5-e488-4fff-a8c2-26b9b2a4173f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 520 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d1b11e5-e488-4fff-a8c2-26b9b2a4173f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 519 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d1b11e5-e488-4fff-a8c2-26b9b2a4173f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 518 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d1b11e5-e488-4fff-a8c2-26b9b2a4173f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 517 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9d1b11e5-e488-4fff-a8c2-26b9b2a4173f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 516 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:57 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fac15c9d-c110-45e5-bee4-83975e445713
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1f66341f-8abd-4946-8e45-72cffe8e1644
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 515 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c096539-9ef9-47f0-ab62-b43fa5f6dc4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=634188fb-9647-49ba-8de3-5b46bf44f511
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 514 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c096539-9ef9-47f0-ab62-b43fa5f6dc4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 513 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c096539-9ef9-47f0-ab62-b43fa5f6dc4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 512 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c096539-9ef9-47f0-ab62-b43fa5f6dc4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 511 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c096539-9ef9-47f0-ab62-b43fa5f6dc4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 510 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c096539-9ef9-47f0-ab62-b43fa5f6dc4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 509 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c096539-9ef9-47f0-ab62-b43fa5f6dc4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 508 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c096539-9ef9-47f0-ab62-b43fa5f6dc4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 507 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c096539-9ef9-47f0-ab62-b43fa5f6dc4b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 506 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:49 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fac15c9d-c110-45e5-bee4-83975e445713
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1f66341f-8abd-4946-8e45-72cffe8e1644
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 505 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fac15c9d-c110-45e5-bee4-83975e445713
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 504 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fac15c9d-c110-45e5-bee4-83975e445713
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 503 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fac15c9d-c110-45e5-bee4-83975e445713
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 502 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fac15c9d-c110-45e5-bee4-83975e445713
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 501 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fac15c9d-c110-45e5-bee4-83975e445713
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 500 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fac15c9d-c110-45e5-bee4-83975e445713
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 499 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:48 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b34471f-faac-4e93-b0ed-0319c1d0206f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=19fa39a6-53bb-4954-b6aa-02652e0f594e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 498 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da61bd3f-75cf-4223-9000-ed04a8ec9c39
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3b836d85-94a4-438c-b682-d90b164fd9bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 497 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da61bd3f-75cf-4223-9000-ed04a8ec9c39
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 496 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da61bd3f-75cf-4223-9000-ed04a8ec9c39
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 495 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da61bd3f-75cf-4223-9000-ed04a8ec9c39
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 494 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da61bd3f-75cf-4223-9000-ed04a8ec9c39
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 493 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da61bd3f-75cf-4223-9000-ed04a8ec9c39
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 492 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da61bd3f-75cf-4223-9000-ed04a8ec9c39
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 491 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da61bd3f-75cf-4223-9000-ed04a8ec9c39
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 490 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da61bd3f-75cf-4223-9000-ed04a8ec9c39
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 489 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b34471f-faac-4e93-b0ed-0319c1d0206f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=19fa39a6-53bb-4954-b6aa-02652e0f594e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 488 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b34471f-faac-4e93-b0ed-0319c1d0206f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 487 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b34471f-faac-4e93-b0ed-0319c1d0206f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 486 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b34471f-faac-4e93-b0ed-0319c1d0206f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 485 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b34471f-faac-4e93-b0ed-0319c1d0206f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 484 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b34471f-faac-4e93-b0ed-0319c1d0206f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 483 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b34471f-faac-4e93-b0ed-0319c1d0206f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 482 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3460b48-a1d4-434f-a303-bdaa143d8d49
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cc23b4e6-8763-495c-8a64-0de58399c0bf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 481 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:45 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2d5dc7b-f1fa-44ee-8826-6cd79fb1ea59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4f377dfe-d67e-4629-ae58-7cfc8562efae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 480 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2d5dc7b-f1fa-44ee-8826-6cd79fb1ea59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 479 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2d5dc7b-f1fa-44ee-8826-6cd79fb1ea59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 478 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2d5dc7b-f1fa-44ee-8826-6cd79fb1ea59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 477 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2d5dc7b-f1fa-44ee-8826-6cd79fb1ea59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 476 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2d5dc7b-f1fa-44ee-8826-6cd79fb1ea59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 475 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2d5dc7b-f1fa-44ee-8826-6cd79fb1ea59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 474 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2d5dc7b-f1fa-44ee-8826-6cd79fb1ea59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 473 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e2d5dc7b-f1fa-44ee-8826-6cd79fb1ea59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 472 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3460b48-a1d4-434f-a303-bdaa143d8d49
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cc23b4e6-8763-495c-8a64-0de58399c0bf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 471 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3460b48-a1d4-434f-a303-bdaa143d8d49
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 470 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3460b48-a1d4-434f-a303-bdaa143d8d49
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 469 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3460b48-a1d4-434f-a303-bdaa143d8d49
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 468 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3460b48-a1d4-434f-a303-bdaa143d8d49
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 467 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3460b48-a1d4-434f-a303-bdaa143d8d49
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 466 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f3460b48-a1d4-434f-a303-bdaa143d8d49
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 465 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1061858-06fe-4521-929b-8961a79df29c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=779fa24b-40b6-4f36-9cb9-d3695d0fa269
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 464 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b725321-feb3-4554-a627-373d587badd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=140cc129-a8bd-4fee-8f13-424a5a5c7f61
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 463 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b725321-feb3-4554-a627-373d587badd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 462 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b725321-feb3-4554-a627-373d587badd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 461 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b725321-feb3-4554-a627-373d587badd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 460 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b725321-feb3-4554-a627-373d587badd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 459 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b725321-feb3-4554-a627-373d587badd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 458 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b725321-feb3-4554-a627-373d587badd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 457 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b725321-feb3-4554-a627-373d587badd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 456 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2b725321-feb3-4554-a627-373d587badd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 455 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:41 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1061858-06fe-4521-929b-8961a79df29c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=779fa24b-40b6-4f36-9cb9-d3695d0fa269
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 454 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1061858-06fe-4521-929b-8961a79df29c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 453 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1061858-06fe-4521-929b-8961a79df29c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 452 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1061858-06fe-4521-929b-8961a79df29c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 451 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1061858-06fe-4521-929b-8961a79df29c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 450 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1061858-06fe-4521-929b-8961a79df29c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 449 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b1061858-06fe-4521-929b-8961a79df29c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 448 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a98de7c3-c45e-40bb-879e-7c23af06605f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=28004e73-951f-4b34-9658-0745ef7a368f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 447 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:40 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2166f774-effb-42fb-a3fd-592052372496
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9da1b6e9-f1c9-469b-9bba-c309065238bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 446 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2166f774-effb-42fb-a3fd-592052372496
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 445 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2166f774-effb-42fb-a3fd-592052372496
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 444 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2166f774-effb-42fb-a3fd-592052372496
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 443 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2166f774-effb-42fb-a3fd-592052372496
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 442 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2166f774-effb-42fb-a3fd-592052372496
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 441 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2166f774-effb-42fb-a3fd-592052372496
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 440 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2166f774-effb-42fb-a3fd-592052372496
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 439 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2166f774-effb-42fb-a3fd-592052372496
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 438 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:37 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a98de7c3-c45e-40bb-879e-7c23af06605f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=28004e73-951f-4b34-9658-0745ef7a368f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 437 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a98de7c3-c45e-40bb-879e-7c23af06605f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 436 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a98de7c3-c45e-40bb-879e-7c23af06605f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 435 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a98de7c3-c45e-40bb-879e-7c23af06605f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 434 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a98de7c3-c45e-40bb-879e-7c23af06605f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 433 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a98de7c3-c45e-40bb-879e-7c23af06605f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 432 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a98de7c3-c45e-40bb-879e-7c23af06605f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 431 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:36 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ef26506-afb6-4509-a423-1a0ddfefc9f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=25905f5b-b18f-4fc2-8649-6d192630d56d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 430 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:35 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93eb57d7-682e-4946-9510-daf116fd25a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0a9d54bd-04be-4be4-98c3-6675fda58f05
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 429 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93eb57d7-682e-4946-9510-daf116fd25a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 428 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93eb57d7-682e-4946-9510-daf116fd25a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 427 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93eb57d7-682e-4946-9510-daf116fd25a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 426 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93eb57d7-682e-4946-9510-daf116fd25a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 425 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93eb57d7-682e-4946-9510-daf116fd25a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 424 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93eb57d7-682e-4946-9510-daf116fd25a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 423 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93eb57d7-682e-4946-9510-daf116fd25a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 422 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93eb57d7-682e-4946-9510-daf116fd25a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 421 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:31 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ef26506-afb6-4509-a423-1a0ddfefc9f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=25905f5b-b18f-4fc2-8649-6d192630d56d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 420 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ef26506-afb6-4509-a423-1a0ddfefc9f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 419 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ef26506-afb6-4509-a423-1a0ddfefc9f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 418 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ef26506-afb6-4509-a423-1a0ddfefc9f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 417 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ef26506-afb6-4509-a423-1a0ddfefc9f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 416 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ef26506-afb6-4509-a423-1a0ddfefc9f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 415 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5ef26506-afb6-4509-a423-1a0ddfefc9f2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 414 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:30 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2544d2ce-b3ce-41f9-82d4-affee8d68905
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cbef10b7-56ad-4279-ad7f-aeeff9841fda
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 413 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=11890181-eb79-4683-bddd-00255d02e97d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e38644b8-11f8-4351-8ff2-c6aaae79dcc8
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 412 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=11890181-eb79-4683-bddd-00255d02e97d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e38644b8-11f8-4351-8ff2-c6aaae79dcc8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 411 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=11890181-eb79-4683-bddd-00255d02e97d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 410 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=11890181-eb79-4683-bddd-00255d02e97d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 409 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=11890181-eb79-4683-bddd-00255d02e97d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 408 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=11890181-eb79-4683-bddd-00255d02e97d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 407 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=11890181-eb79-4683-bddd-00255d02e97d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 406 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=11890181-eb79-4683-bddd-00255d02e97d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 405 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=11890181-eb79-4683-bddd-00255d02e97d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 404 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=11890181-eb79-4683-bddd-00255d02e97d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 403 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:29 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2544d2ce-b3ce-41f9-82d4-affee8d68905
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cbef10b7-56ad-4279-ad7f-aeeff9841fda
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 402 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2544d2ce-b3ce-41f9-82d4-affee8d68905
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 401 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2544d2ce-b3ce-41f9-82d4-affee8d68905
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 400 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2544d2ce-b3ce-41f9-82d4-affee8d68905
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 399 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2544d2ce-b3ce-41f9-82d4-affee8d68905
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 398 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2544d2ce-b3ce-41f9-82d4-affee8d68905
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 397 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2544d2ce-b3ce-41f9-82d4-affee8d68905
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 396 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfa73be6-1d75-4b55-a1fa-b2a359dd9ea1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=748f4134-8744-4e15-9d48-2dfbc21b4121
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 395 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=095fc0f5-6c72-445d-91a5-7d7a4c73d2ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b8c7f3c4-6bdb-4071-bb7d-304db930f01f
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 394 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=095fc0f5-6c72-445d-91a5-7d7a4c73d2ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b8c7f3c4-6bdb-4071-bb7d-304db930f01f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 393 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=095fc0f5-6c72-445d-91a5-7d7a4c73d2ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 392 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=095fc0f5-6c72-445d-91a5-7d7a4c73d2ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 391 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=095fc0f5-6c72-445d-91a5-7d7a4c73d2ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 390 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=095fc0f5-6c72-445d-91a5-7d7a4c73d2ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 389 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=095fc0f5-6c72-445d-91a5-7d7a4c73d2ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 388 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=095fc0f5-6c72-445d-91a5-7d7a4c73d2ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 387 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=095fc0f5-6c72-445d-91a5-7d7a4c73d2ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 386 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=095fc0f5-6c72-445d-91a5-7d7a4c73d2ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 385 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfa73be6-1d75-4b55-a1fa-b2a359dd9ea1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=748f4134-8744-4e15-9d48-2dfbc21b4121
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 384 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfa73be6-1d75-4b55-a1fa-b2a359dd9ea1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 383 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfa73be6-1d75-4b55-a1fa-b2a359dd9ea1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 382 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfa73be6-1d75-4b55-a1fa-b2a359dd9ea1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 381 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfa73be6-1d75-4b55-a1fa-b2a359dd9ea1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 380 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfa73be6-1d75-4b55-a1fa-b2a359dd9ea1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 379 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cfa73be6-1d75-4b55-a1fa-b2a359dd9ea1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 378 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:27 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3217bbe3-d96c-4d03-be42-3632add75f8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8813f7b8-d35e-43fe-bedb-223374fbe5b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 377 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74090ec8-5ff6-4b0b-a358-70ed981c02a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0cf13c52-4645-47b1-8e18-792e73fd0837
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 376 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74090ec8-5ff6-4b0b-a358-70ed981c02a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0cf13c52-4645-47b1-8e18-792e73fd0837
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 375 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74090ec8-5ff6-4b0b-a358-70ed981c02a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 374 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74090ec8-5ff6-4b0b-a358-70ed981c02a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 373 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74090ec8-5ff6-4b0b-a358-70ed981c02a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 372 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74090ec8-5ff6-4b0b-a358-70ed981c02a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 371 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74090ec8-5ff6-4b0b-a358-70ed981c02a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 370 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74090ec8-5ff6-4b0b-a358-70ed981c02a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 369 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74090ec8-5ff6-4b0b-a358-70ed981c02a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 368 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74090ec8-5ff6-4b0b-a358-70ed981c02a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 367 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:26 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3217bbe3-d96c-4d03-be42-3632add75f8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8813f7b8-d35e-43fe-bedb-223374fbe5b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 366 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3217bbe3-d96c-4d03-be42-3632add75f8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 365 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3217bbe3-d96c-4d03-be42-3632add75f8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 364 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3217bbe3-d96c-4d03-be42-3632add75f8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 363 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3217bbe3-d96c-4d03-be42-3632add75f8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 362 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3217bbe3-d96c-4d03-be42-3632add75f8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 361 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3217bbe3-d96c-4d03-be42-3632add75f8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 360 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8ec9dce-6593-4a63-a75a-1479d4e8ffde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ce375fc6-e59f-4fa4-95b4-0d6b4b11fd7f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 359 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4a8db573-acb8-4e45-84ed-1a1047ffc055
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9a172179-09db-49b6-8f35-a1587c77e9eb
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 358 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4a8db573-acb8-4e45-84ed-1a1047ffc055
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9a172179-09db-49b6-8f35-a1587c77e9eb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 357 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4a8db573-acb8-4e45-84ed-1a1047ffc055
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 356 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4a8db573-acb8-4e45-84ed-1a1047ffc055
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 355 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4a8db573-acb8-4e45-84ed-1a1047ffc055
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 354 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4a8db573-acb8-4e45-84ed-1a1047ffc055
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 353 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4a8db573-acb8-4e45-84ed-1a1047ffc055
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 352 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4a8db573-acb8-4e45-84ed-1a1047ffc055
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 351 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4a8db573-acb8-4e45-84ed-1a1047ffc055
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 350 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4a8db573-acb8-4e45-84ed-1a1047ffc055
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 349 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:25 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8ec9dce-6593-4a63-a75a-1479d4e8ffde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ce375fc6-e59f-4fa4-95b4-0d6b4b11fd7f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 348 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8ec9dce-6593-4a63-a75a-1479d4e8ffde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 347 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8ec9dce-6593-4a63-a75a-1479d4e8ffde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 346 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8ec9dce-6593-4a63-a75a-1479d4e8ffde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 345 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8ec9dce-6593-4a63-a75a-1479d4e8ffde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 344 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8ec9dce-6593-4a63-a75a-1479d4e8ffde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 343 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a8ec9dce-6593-4a63-a75a-1479d4e8ffde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 342 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7aaf04-f774-4555-8d03-499ff7f72886
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c46f6437-2c89-4ece-b5f0-2581d0178695
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 341 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49ba9f8-aa2b-464b-8d8e-b4904724da86
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b9089a8-585d-4c9d-85f0-56bcdf0397f5
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 340 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:24 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49ba9f8-aa2b-464b-8d8e-b4904724da86
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b9089a8-585d-4c9d-85f0-56bcdf0397f5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 339 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49ba9f8-aa2b-464b-8d8e-b4904724da86
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 338 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49ba9f8-aa2b-464b-8d8e-b4904724da86
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 337 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49ba9f8-aa2b-464b-8d8e-b4904724da86
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 336 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49ba9f8-aa2b-464b-8d8e-b4904724da86
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 335 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49ba9f8-aa2b-464b-8d8e-b4904724da86
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 334 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49ba9f8-aa2b-464b-8d8e-b4904724da86
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 333 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49ba9f8-aa2b-464b-8d8e-b4904724da86
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 332 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d49ba9f8-aa2b-464b-8d8e-b4904724da86
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 331 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:23 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7aaf04-f774-4555-8d03-499ff7f72886
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c46f6437-2c89-4ece-b5f0-2581d0178695
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 330 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7aaf04-f774-4555-8d03-499ff7f72886
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 329 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7aaf04-f774-4555-8d03-499ff7f72886
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 328 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7aaf04-f774-4555-8d03-499ff7f72886
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 327 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7aaf04-f774-4555-8d03-499ff7f72886
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 326 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7aaf04-f774-4555-8d03-499ff7f72886
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 325 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a7aaf04-f774-4555-8d03-499ff7f72886
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 324 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee0e32e1-0aef-400c-83ef-2a2ff38c20a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0fc6625a-6b2d-4025-9dc9-1e2ec5407bd4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 323 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6f39aace-f44d-42b4-93ad-375eeb1e1100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bcd84127-2bc4-44a8-8764-c8ffcb1495e8
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 322 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6f39aace-f44d-42b4-93ad-375eeb1e1100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bcd84127-2bc4-44a8-8764-c8ffcb1495e8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 321 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6f39aace-f44d-42b4-93ad-375eeb1e1100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 320 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6f39aace-f44d-42b4-93ad-375eeb1e1100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 319 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6f39aace-f44d-42b4-93ad-375eeb1e1100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 318 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6f39aace-f44d-42b4-93ad-375eeb1e1100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 317 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6f39aace-f44d-42b4-93ad-375eeb1e1100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 316 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6f39aace-f44d-42b4-93ad-375eeb1e1100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 315 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6f39aace-f44d-42b4-93ad-375eeb1e1100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 314 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6f39aace-f44d-42b4-93ad-375eeb1e1100
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 313 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:22 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee0e32e1-0aef-400c-83ef-2a2ff38c20a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0fc6625a-6b2d-4025-9dc9-1e2ec5407bd4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 312 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee0e32e1-0aef-400c-83ef-2a2ff38c20a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 311 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee0e32e1-0aef-400c-83ef-2a2ff38c20a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 310 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee0e32e1-0aef-400c-83ef-2a2ff38c20a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 309 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee0e32e1-0aef-400c-83ef-2a2ff38c20a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 308 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee0e32e1-0aef-400c-83ef-2a2ff38c20a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 307 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee0e32e1-0aef-400c-83ef-2a2ff38c20a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 306 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8af0fe9b-95f5-41a6-ab50-0bf7f6cfe12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ca3a7fb9-3f76-40da-a353-eac72a47d50c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 305 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25a84d3b-23f5-4102-844b-2cc451508222
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cf13de72-a783-4683-8924-b432fd5118d7
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 304 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25a84d3b-23f5-4102-844b-2cc451508222
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cf13de72-a783-4683-8924-b432fd5118d7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 303 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25a84d3b-23f5-4102-844b-2cc451508222
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 302 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25a84d3b-23f5-4102-844b-2cc451508222
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 301 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25a84d3b-23f5-4102-844b-2cc451508222
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 300 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25a84d3b-23f5-4102-844b-2cc451508222
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 299 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25a84d3b-23f5-4102-844b-2cc451508222
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 298 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25a84d3b-23f5-4102-844b-2cc451508222
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 297 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25a84d3b-23f5-4102-844b-2cc451508222
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 296 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=25a84d3b-23f5-4102-844b-2cc451508222
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 295 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:20 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8af0fe9b-95f5-41a6-ab50-0bf7f6cfe12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ca3a7fb9-3f76-40da-a353-eac72a47d50c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 294 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8af0fe9b-95f5-41a6-ab50-0bf7f6cfe12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 293 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8af0fe9b-95f5-41a6-ab50-0bf7f6cfe12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 292 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8af0fe9b-95f5-41a6-ab50-0bf7f6cfe12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 291 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8af0fe9b-95f5-41a6-ab50-0bf7f6cfe12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 290 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8af0fe9b-95f5-41a6-ab50-0bf7f6cfe12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 289 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8af0fe9b-95f5-41a6-ab50-0bf7f6cfe12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 288 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a78f71d9-d886-4c8f-bd7e-7b82bafd5a44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=44c91ef6-4474-4bf1-8836-fddd8dff1026
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 287 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f4c458c-5b66-4048-9275-2d139b7ca12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1b3c40af-1acb-44ff-b01e-1086b5b6ef8f
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 286 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f4c458c-5b66-4048-9275-2d139b7ca12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1b3c40af-1acb-44ff-b01e-1086b5b6ef8f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 285 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f4c458c-5b66-4048-9275-2d139b7ca12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 284 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f4c458c-5b66-4048-9275-2d139b7ca12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 283 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f4c458c-5b66-4048-9275-2d139b7ca12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 282 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f4c458c-5b66-4048-9275-2d139b7ca12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 281 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f4c458c-5b66-4048-9275-2d139b7ca12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 280 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f4c458c-5b66-4048-9275-2d139b7ca12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 279 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f4c458c-5b66-4048-9275-2d139b7ca12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 278 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f4c458c-5b66-4048-9275-2d139b7ca12a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 277 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:19 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a78f71d9-d886-4c8f-bd7e-7b82bafd5a44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=44c91ef6-4474-4bf1-8836-fddd8dff1026
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 276 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a78f71d9-d886-4c8f-bd7e-7b82bafd5a44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 275 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a78f71d9-d886-4c8f-bd7e-7b82bafd5a44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 274 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a78f71d9-d886-4c8f-bd7e-7b82bafd5a44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 273 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a78f71d9-d886-4c8f-bd7e-7b82bafd5a44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 272 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a78f71d9-d886-4c8f-bd7e-7b82bafd5a44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 271 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a78f71d9-d886-4c8f-bd7e-7b82bafd5a44
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 270 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0457e45f-9602-45f0-bf4e-9777856ad655
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=73a21570-4030-4b20-bf07-dbce050c42f6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 269 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f82f3f64-5704-43b2-9f70-d82df523aa55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=056b294f-80ee-4e1b-b588-3bce8c6e62da
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 268 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:18 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f82f3f64-5704-43b2-9f70-d82df523aa55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=056b294f-80ee-4e1b-b588-3bce8c6e62da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 267 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f82f3f64-5704-43b2-9f70-d82df523aa55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 266 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f82f3f64-5704-43b2-9f70-d82df523aa55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 265 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f82f3f64-5704-43b2-9f70-d82df523aa55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 264 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f82f3f64-5704-43b2-9f70-d82df523aa55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 263 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f82f3f64-5704-43b2-9f70-d82df523aa55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 262 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f82f3f64-5704-43b2-9f70-d82df523aa55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 261 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f82f3f64-5704-43b2-9f70-d82df523aa55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 260 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f82f3f64-5704-43b2-9f70-d82df523aa55
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 259 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:17 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0457e45f-9602-45f0-bf4e-9777856ad655
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=73a21570-4030-4b20-bf07-dbce050c42f6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 258 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0457e45f-9602-45f0-bf4e-9777856ad655
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 257 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0457e45f-9602-45f0-bf4e-9777856ad655
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 256 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0457e45f-9602-45f0-bf4e-9777856ad655
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 255 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0457e45f-9602-45f0-bf4e-9777856ad655
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 254 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0457e45f-9602-45f0-bf4e-9777856ad655
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 253 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0457e45f-9602-45f0-bf4e-9777856ad655
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 252 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e72208a6-f03a-4e2b-9ec2-7376cd72b35c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b4956711-a15c-42a8-979e-0c9bf02032ee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 251 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8cd7a683-9d37-475c-916d-d2bcd80f5110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4aba805d-cb3b-4cfc-988d-88f55b6bda3c
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 250 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8cd7a683-9d37-475c-916d-d2bcd80f5110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4aba805d-cb3b-4cfc-988d-88f55b6bda3c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 249 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8cd7a683-9d37-475c-916d-d2bcd80f5110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 248 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8cd7a683-9d37-475c-916d-d2bcd80f5110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 247 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8cd7a683-9d37-475c-916d-d2bcd80f5110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 246 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8cd7a683-9d37-475c-916d-d2bcd80f5110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 245 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8cd7a683-9d37-475c-916d-d2bcd80f5110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 244 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8cd7a683-9d37-475c-916d-d2bcd80f5110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 243 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8cd7a683-9d37-475c-916d-d2bcd80f5110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 242 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8cd7a683-9d37-475c-916d-d2bcd80f5110
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 241 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e72208a6-f03a-4e2b-9ec2-7376cd72b35c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b4956711-a15c-42a8-979e-0c9bf02032ee
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 240 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e72208a6-f03a-4e2b-9ec2-7376cd72b35c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 239 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e72208a6-f03a-4e2b-9ec2-7376cd72b35c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 238 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e72208a6-f03a-4e2b-9ec2-7376cd72b35c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 237 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e72208a6-f03a-4e2b-9ec2-7376cd72b35c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 236 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e72208a6-f03a-4e2b-9ec2-7376cd72b35c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 235 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e72208a6-f03a-4e2b-9ec2-7376cd72b35c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 234 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82395d08-ca41-4957-8fd0-aa68678f6175
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=73c482e6-fd37-41bd-ab00-ba66f68334e9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 233 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e97f511-b029-4d07-9961-badfe60d04ff
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d0ffc139-46e2-4958-8deb-95ec61da99d6
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 232 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e97f511-b029-4d07-9961-badfe60d04ff
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d0ffc139-46e2-4958-8deb-95ec61da99d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 231 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e97f511-b029-4d07-9961-badfe60d04ff
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 230 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e97f511-b029-4d07-9961-badfe60d04ff
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 229 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e97f511-b029-4d07-9961-badfe60d04ff
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 228 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e97f511-b029-4d07-9961-badfe60d04ff
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 227 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e97f511-b029-4d07-9961-badfe60d04ff
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 226 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e97f511-b029-4d07-9961-badfe60d04ff
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 225 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e97f511-b029-4d07-9961-badfe60d04ff
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 224 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2e97f511-b029-4d07-9961-badfe60d04ff
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 223 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82395d08-ca41-4957-8fd0-aa68678f6175
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=73c482e6-fd37-41bd-ab00-ba66f68334e9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 222 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82395d08-ca41-4957-8fd0-aa68678f6175
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 221 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82395d08-ca41-4957-8fd0-aa68678f6175
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 220 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82395d08-ca41-4957-8fd0-aa68678f6175
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 219 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82395d08-ca41-4957-8fd0-aa68678f6175
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 218 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82395d08-ca41-4957-8fd0-aa68678f6175
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 217 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82395d08-ca41-4957-8fd0-aa68678f6175
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 216 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a90b8d7b-e83e-442c-bd40-7d739c418749
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bc338d2d-7d0d-465a-8c0d-a18f9222427f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 215 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=408fe4db-3af5-49a1-8932-158d0e10dd85
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=5.1.14393.1944
RunspaceId=7ced45dd-3b56-4989-837e-3927bb1a1231
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 214 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=408fe4db-3af5-49a1-8932-158d0e10dd85
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=5.1.14393.1944
RunspaceId=7ced45dd-3b56-4989-837e-3927bb1a1231
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 213 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=408fe4db-3af5-49a1-8932-158d0e10dd85
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 212 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=408fe4db-3af5-49a1-8932-158d0e10dd85
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 211 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=408fe4db-3af5-49a1-8932-158d0e10dd85
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 210 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=408fe4db-3af5-49a1-8932-158d0e10dd85
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 209 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=408fe4db-3af5-49a1-8932-158d0e10dd85
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 208 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=408fe4db-3af5-49a1-8932-158d0e10dd85
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 207 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df794e29-ea13-4992-979e-0b09544edbd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fc08e729-c681-40b3-8816-aec883f439de
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 206 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:12 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df794e29-ea13-4992-979e-0b09544edbd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fc08e729-c681-40b3-8816-aec883f439de
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 205 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df794e29-ea13-4992-979e-0b09544edbd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 204 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df794e29-ea13-4992-979e-0b09544edbd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 203 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df794e29-ea13-4992-979e-0b09544edbd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 202 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df794e29-ea13-4992-979e-0b09544edbd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 201 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df794e29-ea13-4992-979e-0b09544edbd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 200 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df794e29-ea13-4992-979e-0b09544edbd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 199 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df794e29-ea13-4992-979e-0b09544edbd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 198 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=df794e29-ea13-4992-979e-0b09544edbd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 197 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a90b8d7b-e83e-442c-bd40-7d739c418749
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bc338d2d-7d0d-465a-8c0d-a18f9222427f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 196 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a90b8d7b-e83e-442c-bd40-7d739c418749
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 195 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a90b8d7b-e83e-442c-bd40-7d739c418749
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 194 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a90b8d7b-e83e-442c-bd40-7d739c418749
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 193 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a90b8d7b-e83e-442c-bd40-7d739c418749
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 192 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a90b8d7b-e83e-442c-bd40-7d739c418749
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 191 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a90b8d7b-e83e-442c-bd40-7d739c418749
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 190 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:09 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=452455a5-1cc4-4b77-a15a-bc71466f7ca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=46d3e307-b5c5-496f-bb88-f54e80d6807b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 189 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=HV-CINDER-78692\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ca1eea7-061e-4dd0-82c8-6ffb9a804528
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b533eaf-46df-4ea8-a15c-c4bfcf4845f7
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 188 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:09:00 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ca1eea7-061e-4dd0-82c8-6ffb9a804528
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4b533eaf-46df-4ea8-a15c-c4bfcf4845f7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 187 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ca1eea7-061e-4dd0-82c8-6ffb9a804528
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 186 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ca1eea7-061e-4dd0-82c8-6ffb9a804528
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 185 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ca1eea7-061e-4dd0-82c8-6ffb9a804528
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 184 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ca1eea7-061e-4dd0-82c8-6ffb9a804528
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 183 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ca1eea7-061e-4dd0-82c8-6ffb9a804528
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 182 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ca1eea7-061e-4dd0-82c8-6ffb9a804528
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 181 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ca1eea7-061e-4dd0-82c8-6ffb9a804528
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 180 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ca1eea7-061e-4dd0-82c8-6ffb9a804528
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 179 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:54 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=452455a5-1cc4-4b77-a15a-bc71466f7ca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=46d3e307-b5c5-496f-bb88-f54e80d6807b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 178 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=452455a5-1cc4-4b77-a15a-bc71466f7ca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 177 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=452455a5-1cc4-4b77-a15a-bc71466f7ca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 176 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=452455a5-1cc4-4b77-a15a-bc71466f7ca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 175 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=452455a5-1cc4-4b77-a15a-bc71466f7ca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 174 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=452455a5-1cc4-4b77-a15a-bc71466f7ca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 173 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=452455a5-1cc4-4b77-a15a-bc71466f7ca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 172 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:53 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99b61878-c1c5-4e21-a519-1c439312d3a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=42c4e661-b8f0-4edf-8e84-a338e1c22f6c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 171 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b0bd150-1a53-49d4-bb40-f4a049c57d0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e4b00da8-f321-4cfb-913e-ad2caa81e308
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 170 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b0bd150-1a53-49d4-bb40-f4a049c57d0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 169 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b0bd150-1a53-49d4-bb40-f4a049c57d0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 168 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b0bd150-1a53-49d4-bb40-f4a049c57d0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 167 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b0bd150-1a53-49d4-bb40-f4a049c57d0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 166 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b0bd150-1a53-49d4-bb40-f4a049c57d0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 165 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b0bd150-1a53-49d4-bb40-f4a049c57d0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 164 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b0bd150-1a53-49d4-bb40-f4a049c57d0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 163 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0b0bd150-1a53-49d4-bb40-f4a049c57d0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 162 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:46 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99b61878-c1c5-4e21-a519-1c439312d3a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=42c4e661-b8f0-4edf-8e84-a338e1c22f6c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 161 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:44 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99b61878-c1c5-4e21-a519-1c439312d3a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 160 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99b61878-c1c5-4e21-a519-1c439312d3a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 159 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99b61878-c1c5-4e21-a519-1c439312d3a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 158 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99b61878-c1c5-4e21-a519-1c439312d3a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 157 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99b61878-c1c5-4e21-a519-1c439312d3a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 156 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99b61878-c1c5-4e21-a519-1c439312d3a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 155 | PowerShell | | Windows PowerShell | | | hv-cinder-78692 | | 7/14/2021 11:08:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=5.1.14393.1944
RunspaceId=7daab07d-0651-4522-8638-68cfa15aacea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 154 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 153 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=13
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 152 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 151 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 150 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 149 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 148 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 147 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 146 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=aec94911-82d5-4605-ada7-e49055ea6007
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 145 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 144 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 143 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 142 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 141 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 140 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 139 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=8db922f0-0511-49c4-b38a-fbdb0b2889c8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 138 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 137 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 136 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 135 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 134 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 133 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 132 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=f313b4cd-0f39-498d-9ea1-7d6a0388a78e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 131 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 130 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 129 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 128 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 127 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 126 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 125 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=36a249c5-de3e-419e-a7df-98ad369b2d9e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 124 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 123 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 122 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 121 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 120 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 119 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 118 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=19
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 117 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:11:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 116 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 115 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 114 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 113 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 112 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 111 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 110 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 109 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 108 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 107 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 106 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 105 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 104 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 103 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 102 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 101 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 100 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:54:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 99 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 98 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 97 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 96 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 95 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 94 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 93 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 92 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 91 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 90 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 89 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 88 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 87 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 86 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 85 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 84 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 83 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:45:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 82 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 81 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 80 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 79 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 78 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 77 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 76 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 75 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 74 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 73 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 72 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 71 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 70 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 69 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 68 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 67 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 66 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 65 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 64 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 63 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 62 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 61 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 60 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 59 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 58 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 57 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 56 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 55 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 54 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 53 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 52 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 51 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 50 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:02:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 49 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 48 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 47 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 46 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 45 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 44 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 43 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 42 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 41 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 40 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 39 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 38 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 37 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 36 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 35 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 34 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 33 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.0
RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 32 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.0
RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 31 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 30 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 29 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 28 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 27 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 26 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 25 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 24 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 23 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 22 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 21 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 20 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 19 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 18 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 17 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=5.1.14393.0
RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 16 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=5.1.14393.0
RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 15 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 14 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 13 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 12 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 11 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 10 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 9 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=5.1.14393.0
RunspaceId=16e771eb-c367-43f8-b362-2bd303750968
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 8 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=5.1.14393.0
RunspaceId=16e771eb-c367-43f8-b362-2bd303750968
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 7 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 6 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 5 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 4 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |